Static task: static1
Behavioral task: behavioral1
  Sample: PowerTool_64.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: PowerTool_64.exe
  Resource: win10v2004-20221111-en
General
Target: PowerTool_64.exe
Size: 9.0MB
MD5: ea3999af92a594402471748374a468fc
SHA1: 142ab367d5f83018d30c3d17b9dd87f2e35eba08
SHA256: b1c7872598053eb2fd07b0eabe223cbccef2edd2e403255b5ab8646e32124862
SHA512: e4bb17d01d175d6d3c1bdb51e5ddee22d5f0db535ab1443ad3b1c3c3ec699ee8aec3b346f08dde41d43cbed6038585123b54eb6421047980fff3218992647d5b
SSDEEP: 98304:w2zoysJ9ycKSniFC8S0I5uTdPee+jQJnHyEhOtTnxqyuRZ8Y91kBYS:w2zo7JeS3CTJHkxqyu8YnY
Malware Config
Signatures
Files
PowerTool_64.exe.exe windows x86 efccdb4f30c336fcec608132ca01b419
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
kernel32:
IsDebuggerPresent
GetStartupInfoW
IsProcessorFeaturePresent
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
InitializeSListHead
EnumSystemLocalesW
IsValidLocale
LCMapStringW
GetTimeFormatW
GetDateFormatW
GetACP
ExitProcess
GetStdHandle
HeapQueryInformation
VirtualQuery
GetSystemInfo
GetCommandLineW
GetCommandLineA
GetFileType
SetStdHandle
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
RtlUnwind
GetSystemTimeAsFileTime
WaitForSingleObjectEx
UnhandledExceptionFilter
ResetEvent
GetUserDefaultLCID
SearchPathW
GetProfileIntW
GetTempFileNameW
FindResourceExW
VerifyVersionInfoW
VerSetConditionMask
GetFileTime
VirtualProtect
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GlobalFlags
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GlobalGetAtomNameW
GetThreadLocale
UnlockFile
SetEndOfFile
LockFile
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
CompareStringA
SystemTimeToTzSpecificLocalTime
GlobalFindAtomW
GlobalAddAtomW
GlobalDeleteAtom
EncodePointer
ResumeThread
SuspendThread
CreateEventW
SetEvent
FreeResource
FormatMessageW
MulDiv
GlobalSize
SetFilePointerEx
MapViewOfFileEx
DeleteFileA
GetModuleFileNameA
SetLastError
SetUnhandledExceptionFilter
QueryPerformanceCounter
QueryPerformanceFrequency
GetExitCodeThread
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
SetProcessWorkingSetSize
DecodePointer
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
SetProcessPriorityBoost
GetCurrentThread
SetThreadPriority
SetPriorityClass
GetFullPathNameW
SetHandleInformation
LoadLibraryExW
IsBadReadPtr
lstrcmpW
GetSystemWow64DirectoryW
ExpandEnvironmentStringsW
GetExitCodeProcess
TerminateProcess
LocalAlloc
GetVolumePathNamesForVolumeNameW
FindVolumeClose
FindNextVolumeW
QueryDosDeviceW
FindFirstVolumeW
GetVolumeInformationA
CopyFileA
GetDiskFreeSpaceA
IsBadStringPtrW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemPowerStatus
lstrcpyA
GetVolumeInformationW
DuplicateHandle
CreateThread
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThreadId
RemoveDirectoryW
GetFileAttributesExW
HeapFree
GetProcessHeap
HeapAlloc
lstrcmpiW
lstrcmpA
LoadLibraryA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
lstrlenA
GlobalFree
GetTickCount
FlushFileBuffers
CreateRemoteThread
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
GetModuleHandleA
VirtualFree
VirtualAlloc
MoveFileW
CopyFileW
DefineDosDeviceW
lstrcatW
lstrcpyW
FindClose
Process32NextW
Process32FirstW
GetCurrentProcess
DeleteFileW
WideCharToMultiByte
lstrlenW
IsWow64Process
OutputDebugStringA
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
GetWindowsDirectoryW
GetSystemDirectoryA
GetVersion
CreateFileA
GetVersionExW
LocalFree
GetFileSize
WriteFile
SetFilePointer
GetCurrentDirectoryW
GetSystemWindowsDirectoryW
GetSystemDirectoryW
GetEnvironmentVariableW
GetLongPathNameW
GetFileAttributesW
SetErrorMode
GetTempPathW
ReadFile
GetFileSizeEx
CreateFileW
GetModuleFileNameW
OutputDebugStringW
GetProcAddress
LoadLibraryW
FreeLibrary
GetModuleHandleW
GetCurrentProcessId
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
OpenProcess
DeviceIoControl
GetLastError
DebugBreak
Sleep
TerminateThread
WaitForSingleObject
GetDriveTypeW
GetLogicalDrives
MoveFileExW
SetFileAttributesW
GlobalUnlock
GlobalLock
GlobalAlloc
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
CloseHandle
FindNextFileW
FindFirstFileW
GetStringTypeW
user32:
CharNextW
GetClientRect
SendMessageW
GetPropW
CheckDlgButton
MoveWindow
SetRectEmpty
SendDlgItemMessageA
GetDesktopWindow
SetActiveWindow
IsWindowEnabled
GetActiveWindow
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamW
DestroyWindow
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMenuStringW
CharLowerW
CopyIcon
ClipCursor
TrackMouseEvent
SetWindowPos
UpdateWindow
SetWindowLongW
GrayStringW
DrawTextExW
TabbedTextOutW
PostMessageW
WindowFromPoint
KillTimer
ReleaseCapture
DispatchMessageW
DeleteMenu
SetCapture
GetCapture
GetDlgCtrlID
DrawTextW
DrawFrameControl
IsRectEmpty
PtInRect
ClientToScreen
CopyAcceleratorTableW
InflateRect
ValidateRect
GetFocus
GetKeyState
GetWindow
CopyRect
GetParent
RedrawWindow
DefWindowProcW
DrawIcon
IsIconic
CallWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
IsMenu
IsChild
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetMenu
SetMenu
TrackPopupMenu
GetForegroundWindow
BeginPaint
EndPaint
ScrollWindow
SetTimer
GetSystemMenu
IsWindowVisible
GetWindowLongW
GetMessageTime
GetAsyncKeyState
CopyImage
RealChildWindowFromPoint
SetWindowTextW
GetWindowTextLengthW
IsDialogMessageW
GetKeyNameTextW
MapVirtualKeyW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
GetLastActivePopup
TranslateMessage
PeekMessageW
SetWindowsHookExW
CallNextHookEx
DestroyMenu
SystemParametersInfoW
RegisterWindowMessageW
GetMessageW
SetPropW
MessageBoxW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetCursorPos
LoadMenuW
GetSubMenu
wsprintfW
GetSysColor
EnableWindow
ShowWindow
ExitWindowsEx
FindWindowW
WaitForInputIdle
SetForegroundWindow
FindWindowExW
SetFocus
GetWindowThreadProcessId
GetWindowRect
LoadCursorW
SetCursor
IsWindow
EnableMenuItem
GetMenuItemInfoW
CheckMenuItem
GetSystemMetrics
SetWindowRgn
ScreenToClient
LoadIconW
GetDC
ReleaseDC
DestroyIcon
OffsetRect
EnumDisplayDevicesW
EnumDisplaySettingsW
LoadBitmapW
UnhookWindowsHookEx
GetMessagePos
ModifyMenuW
InvalidateRgn
SetRect
GetNextDlgGroupItem
MessageBeep
GetWindowTextW
EnumWindows
GetClassNameW
IsClipboardFormatAvailable
SetScrollPos
GetScrollPos
SetScrollRange
UnionRect
SetParent
GetMenuDefaultItem
DrawFocusRect
DrawIconEx
GetScrollRange
ShowScrollBar
RemovePropW
AdjustWindowRectEx
MapWindowPoints
EqualRect
GetClassLongW
GetTopWindow
SetScrollInfo
GetScrollInfo
WinHelpW
MonitorFromWindow
GetMonitorInfoW
GetWindowDC
FillRect
IntersectRect
PostQuitMessage
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
CharUpperW
WaitMessage
BringWindowToTop
LoadAcceleratorsW
TranslateAcceleratorW
CreatePopupMenu
InsertMenuItemW
LoadImageW
UnpackDDElParam
ReuseDDElParam
GetSysColorBrush
UnregisterClassW
GetIconInfo
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
SetLayeredWindowAttributes
EnumDisplayMonitors
SetClassLongW
DrawStateW
DrawEdge
IsZoomed
SetCursorPos
FrameRect
RegisterClipboardFormatW
LockWindowUpdate
UpdateLayeredWindow
MonitorFromPoint
GetComboBoxInfo
PostThreadMessageW
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
SetMenuDefaultItem
GetDoubleClickTime
CharUpperBuffW
GetUpdateRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SubtractRect
CreateMenu
GetWindowRgn
DestroyCursor
InvalidateRect
gdi32:
MoveToEx
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
GetMapMode
SetRectRgn
DPtoLP
GetTextMetricsW
GetBkColor
GetRgnBox
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
StretchBlt
CreateDIBSection
SetDIBColorTable
Ellipse
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
EnumFontFamiliesExW
OffsetRgn
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceW
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetObjectType
ExcludeClipRect
CreatePatternBrush
CreateHatchBrush
SetBkColor
CreateBitmap
PatBlt
GetDeviceCaps
CreateDCW
CopyMetaFileW
CreateRectRgnIndirect
GetTextExtentPoint32W
CreateFontW
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetPixel
SetPixel
GetTextColor
CreateFontIndirectW
SetTextColor
DeleteObject
GetObjectW
CreatePen
GetClipBox
DeleteDC
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateRectRgn
CreateSolidBrush
GetStockObject
SelectObject
CreateEllipticRgn
Rectangle
msimg32:
AlphaBlend
TransparentBlt
winspool.drv:
ClosePrinter
DocumentPropertiesW
OpenPrinterW
advapi32:
SystemFunction036
RegEnumKeyExW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
RegQueryValueW
BuildExplicitAccessWithNameW
DeleteAce
GetNamedSecurityInfoW
OpenThreadToken
RegEnumKeyW
RegDeleteValueW
RegCreateKeyW
UnlockServiceDatabase
ChangeServiceConfigW
LockServiceDatabase
DeleteService
ControlService
StartServiceW
QueryServiceConfig2W
QueryServiceConfigW
QueryServiceStatus
OpenServiceW
EnumServicesStatusW
LookupPrivilegeDisplayNameW
LookupPrivilegeNameW
CloseServiceHandle
EnumServicesStatusExW
OpenSCManagerW
GetAce
GetAclInformation
EqualSid
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
GetSecurityDescriptorDacl
IsValidSecurityDescriptor
FreeSid
SetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
LookupAccountSidW
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegEnumValueW
RegOpenKeyExW
shell32:
SHGetDesktopFolder
SHGetSpecialFolderLocation
DragFinish
SHGetFileInfoW
Shell_NotifyIconW
SHChangeNotify
DragQueryFileW
DragAcceptFiles
ShellExecuteA
ShellExecuteW
ShellExecuteExW
SHGetMalloc
ExtractIconExW
CommandLineToArgvW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
SHAppBarMessage
comctl32:
InitCommonControlsEx
ImageList_AddMasked
ImageList_ReplaceIcon
shlwapi:
PathRemoveFileSpecW
StrFormatKBSizeW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
UrlUnescapeW
PathFindFileNameW
StrStrIW
StrToIntExW
StrChrW
StrCmpNA
PathIsDirectoryW
PathFileExistsW
uxtheme:
GetWindowTheme
IsAppThemed
GetThemePartSize
GetCurrentThemeName
DrawThemeText
DrawThemeBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground
OpenThemeData
CloseThemeData
GetThemeColor
GetThemeSysColor
ole32:
OleFlushClipboard
CoLockObjectExternal
OleIsCurrentClipboard
DoDragDrop
OleGetClipboard
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
CoRegisterMessageFilter
CoRevokeClassObject
RevokeDragDrop
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
ReleaseStgMedium
OleDuplicateData
CoTaskMemAlloc
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance
RegisterDragDrop
oleaut32:
SafeArrayDestroy
LoadTypeLi
SystemTimeToVariantTime
SysStringLen
SysAllocStringLen
VariantTimeToDosDateTime
VariantTimeToSystemTime
VariantChangeType
VariantInit
VariantClear
SysFreeString
SysAllocString
VariantCopy
VarBstrFromDate
OleCreateFontIndirect
oledlg:
OleUIBusyW
setupapi:
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsExW
SetupDiOpenDevRegKey
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
CM_Get_DevNode_Status
SetupDiEnumDeviceInfo
version:
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
wininet:
HttpOpenRequestW
InternetOpenW
InternetConnectW
InternetCloseHandle
InternetSetOptionW
HttpSendRequestExW
InternetWriteFile
HttpEndRequestW
HttpQueryInfoW
InternetReadFile
InternetCrackUrlW
InternetCanonicalizeUrlW
InternetOpenUrlW
InternetSetFilePointer
InternetQueryDataAvailable
InternetQueryOptionW
InternetGetLastResponseInfoW
InternetSetStatusCallbackW
psapi:
EnumProcessModules
GetModuleFileNameExW
GetModuleInformation
netapi32:
NetApiBufferFree
NetShareDel
NetShareEnum
NetUserEnum
ws2_32:
WSACleanup
WSCGetProviderPath
WSAStartup
WSCEnumProtocols
imagehlp:
ImageGetCertificateHeader
crypt32:
CertNameToStrW
CertGetNameStringW
gdiplus:
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
oleacc:
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
imm32:
ImmGetContext
ImmGetOpenStatus
ImmReleaseContext
winmm:
PlaySoundW
Sections
.text  Size: 5.3MB - Virtual size: 5.3MB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data  Size: 1.8MB - Virtual size: 3.0MB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata Size: 21KB - Virtual size: 20KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 348B - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls   Size: 512B - Virtual size: 9B - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc  Size: 1.2MB - Virtual size: 1.2MB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc Size: 758KB - Virtual size: 758KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ