Static task: static1
Behavioral task: behavioral1 (sample: PowerTool32.exe, resource: win7-20230220-en)
Behavioral task: behavioral2 (sample: PowerTool32.exe, resource: win10v2004-20230220-en)
General
Target: PowerTool32.exe
Size: 5.5MB
MD5: af4727184782c7ba284cfd1fc02723a3
SHA1: 3a5155420e5b9c26a4eaa34ecf0edd254b860a31
SHA256: 611db45c564ffb1b67a85b2249f30e5a95f2b7ab2ceec403cb22555a708c61d9
SHA512: 0386f0ff0e813440f7d499ede673254bc5653eb5af172d8e8fbdce8462b20f12470cb8631247fadd8014b96bd156b91531b564d131fcf089d2a7c24aa704bebf
SSDEEP: 98304:ywJl+NUbQ/t8wbeMDC9XXDaQlPz/loID7RHuLabWoekB2:ywj+eQmhZdfuLabxeY2
Malware Config
(no entries)
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature.
resource: PowerTool32.exe
Files
PowerTool32.exe.exe (windows, x86) 6f0dac5090e7b129e746b01432ae3a6d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FreeEnvironmentStringsW
UnhandledExceptionFilter
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
GetEnvironmentStringsW
GetSystemInfo
EnumSystemLocalesW
GetConsoleCP
GetConsoleMode
ReadConsoleW
WriteConsoleW
SetEnvironmentVariableA
GetStartupInfoW
GetStdHandle
LCMapStringW
VirtualQuery
HeapQueryInformation
GetModuleHandleExW
ExitProcess
GetFileType
SetStdHandle
RtlUnwind
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
IsDebuggerPresent
ExitThread
GetCommandLineW
FindResourceExW
SearchPathW
GetProfileIntW
GetUserDefaultLCID
GetTempFileNameW
VerifyVersionInfoW
VerSetConditionMask
GetFileTime
GetFileAttributesExW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GlobalFlags
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GlobalGetAtomNameW
GetThreadLocale
UnlockFile
SetEndOfFile
LockFile
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
CompareStringA
GlobalFindAtomW
GlobalAddAtomW
GlobalDeleteAtom
EncodePointer
ResumeThread
SuspendThread
CreateEventW
SetEvent
FreeResource
FormatMessageW
MulDiv
GlobalSize
SetFilePointerEx
MapViewOfFileEx
DeleteFileA
GetModuleFileNameA
QueryDosDeviceW
SetThreadAffinityMask
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetExitCodeThread
SetProcessWorkingSetSize
DecodePointer
HeapSize
RaiseException
InitializeCriticalSectionAndSpinCount
HeapReAlloc
SetProcessPriorityBoost
GetCurrentThread
SetThreadPriority
SetPriorityClass
GetFullPathNameW
SetHandleInformation
LeaveCriticalSection
SetLastError
EnterCriticalSection
VirtualProtect
LoadLibraryExW
lstrcmpW
GetWindowsDirectoryA
ExpandEnvironmentStringsW
GetExitCodeProcess
TerminateProcess
LocalAlloc
ReadProcessMemory
GetVolumeInformationA
CopyFileA
GetDiskFreeSpaceA
IsBadStringPtrW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemPowerStatus
lstrcpyA
GetVolumeInformationW
DuplicateHandle
CreateThread
RemoveDirectoryW
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThreadId
HeapFree
GetProcessHeap
HeapAlloc
lstrcmpiW
SetProcessAffinityMask
GetProcessAffinityMask
lstrcmpA
LoadLibraryA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
lstrlenA
GlobalFree
GetTickCount
FlushFileBuffers
lstrcpynA
OutputDebugStringA
LoadLibraryExA
CreateRemoteThread
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
GetModuleHandleA
VirtualFree
VirtualAlloc
MoveFileW
DeleteFileW
CopyFileW
GetShortPathNameW
DefineDosDeviceW
lstrcatW
lstrcpyW
Process32NextW
Process32FirstW
GetCurrentProcess
WideCharToMultiByte
GetWindowsDirectoryW
GetSystemDirectoryA
CreateFileA
GetVersionExW
lstrlenW
LocalFree
InterlockedDecrement
GetFileSize
WriteFile
SetFilePointer
GetCurrentDirectoryW
GetSystemWindowsDirectoryW
GetSystemDirectoryW
GetEnvironmentVariableW
GetLongPathNameW
GetFileAttributesW
SetErrorMode
GetTempPathW
ReadFile
GetFileSizeEx
CreateFileW
GetModuleFileNameW
GetVersion
OutputDebugStringW
GetProcAddress
LoadLibraryW
FreeLibrary
GetModuleHandleW
GetCurrentProcessId
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
OpenProcess
FindClose
DeviceIoControl
GetLastError
DebugBreak
Sleep
TerminateThread
WaitForSingleObject
GetDriveTypeW
GetLogicalDrives
MoveFileExW
SetFileAttributesW
GlobalUnlock
GlobalLock
GlobalAlloc
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
CloseHandle
FindNextFileW
FindFirstFileW
IsValidLocale
user32
SetWindowTextW
CheckDlgButton
MoveWindow
SendDlgItemMessageA
GetDesktopWindow
SetActiveWindow
IsWindowEnabled
GetActiveWindow
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamW
DestroyWindow
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMenuStringW
CharLowerW
CopyIcon
ClipCursor
TrackMouseEvent
SetWindowPos
UpdateWindow
SetWindowLongW
GrayStringW
DrawTextExW
TabbedTextOutW
PostMessageW
WindowFromPoint
ReleaseCapture
DispatchMessageW
GetWindowTextLengthW
IsDialogMessageW
GetKeyNameTextW
DrawStateW
DrawEdge
GetClientRect
SendMessageW
GetPropW
GetMessageW
SetCapture
GetCapture
GetDlgCtrlID
DrawTextW
DrawFrameControl
IsRectEmpty
PtInRect
ClientToScreen
InvalidateRect
InflateRect
ValidateRect
GetFocus
GetKeyState
GetWindow
CopyRect
GetParent
RedrawWindow
UnregisterClassW
DrawIcon
IsIconic
KillTimer
SetTimer
GetSystemMenu
IsWindowVisible
GetWindowLongW
GetClassNameW
EnumWindows
GetWindowTextW
ModifyMenuW
GetMessagePos
GetWindowTextA
UnhookWindowsHookEx
LoadBitmapW
EnumDisplaySettingsW
EnumDisplayDevicesW
OffsetRect
DestroyIcon
ReleaseDC
GetDC
LoadIconW
ScreenToClient
SetWindowRgn
GetSystemMetrics
CheckMenuItem
GetMenuItemInfoW
EnableMenuItem
IsWindow
SetCursor
LoadCursorW
GetWindowRect
GetWindowThreadProcessId
SetFocus
FindWindowExW
SetForegroundWindow
WaitForInputIdle
FindWindowW
ExitWindowsEx
ShowWindow
EnableWindow
GetSysColor
wsprintfW
GetSubMenu
MapVirtualKeyW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
GetLastActivePopup
TranslateMessage
PeekMessageW
SetWindowsHookExW
CallNextHookEx
DestroyMenu
SystemParametersInfoW
RegisterWindowMessageW
GetMessageTime
DefWindowProcW
CallWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
IsChild
GetWindowPlacement
LoadMenuW
GetCursorPos
CloseClipboard
SetClipboardData
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetMenu
SetMenu
TrackPopupMenu
GetForegroundWindow
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
RemovePropW
AdjustWindowRectEx
MapWindowPoints
EqualRect
GetClassLongW
GetTopWindow
SetScrollInfo
SetPropW
IsMenu
UpdateLayeredWindow
MonitorFromPoint
GetComboBoxInfo
MessageBoxW
OpenClipboard
EmptyClipboard
IsZoomed
PostThreadMessageW
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
SetCursorPos
SetClassLongW
GetDoubleClickTime
SetMenuDefaultItem
CharUpperBuffW
FrameRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
GetUpdateRect
SubtractRect
CreateMenu
DestroyCursor
GetWindowRgn
SetLayeredWindowAttributes
LockWindowUpdate
RegisterClipboardFormatW
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
GetAsyncKeyState
GetIconInfo
DrawIconEx
DrawFocusRect
GetMenuDefaultItem
SetParent
UnionRect
IsClipboardFormatAvailable
MessageBeep
GetNextDlgGroupItem
SetRect
EnumDisplayMonitors
InvalidateRgn
CopyAcceleratorTableW
CharNextW
DeleteMenu
WaitMessage
CopyImage
RealChildWindowFromPoint
GetSysColorBrush
ReuseDDElParam
UnpackDDElParam
LoadImageW
SetRectEmpty
InsertMenuItemW
CreatePopupMenu
TranslateAcceleratorW
LoadAcceleratorsW
BringWindowToTop
CharUpperW
ShowOwnedPopups
MapDialogRect
SetWindowContextHelpId
PostQuitMessage
IntersectRect
FillRect
EndPaint
BeginPaint
GetWindowDC
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
gdi32
MoveToEx
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
GetMapMode
SetRectRgn
DPtoLP
GetTextMetricsW
GetBkColor
GetRgnBox
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
GetTextCharsetInfo
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
EnumFontFamiliesExW
OffsetRgn
CreateRoundRectRgn
RoundRect
FrameRgn
PtInRegion
SetPixelV
ExtFloodFill
SetPaletteEntries
FillRgn
GetBoundsRect
GetWindowOrgEx
LPtoDP
GetViewportOrgEx
GetTextFaceW
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetObjectType
ExcludeClipRect
CreatePatternBrush
CreateHatchBrush
SetBkColor
CreateBitmap
PatBlt
GetDeviceCaps
CreateDCW
CopyMetaFileW
CreateRectRgnIndirect
GetTextExtentPoint32W
CreateFontW
Escape
TextOutW
RectVisible
PtVisible
GetPixel
SetPixel
GetTextColor
CreateFontIndirectW
SetTextColor
DeleteObject
GetObjectW
CreatePen
GetClipBox
DeleteDC
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
Rectangle
SelectObject
GetStockObject
CreateSolidBrush
EnumFontFamiliesW
ExtTextOutW
CreateRectRgn
msimg32
AlphaBlend
TransparentBlt
winspool.drv
ClosePrinter
OpenPrinterW
DocumentPropertiesW
advapi32
QueryServiceConfigW
RegEnumKeyExW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegQueryValueW
BuildExplicitAccessWithNameW
DeleteAce
GetNamedSecurityInfoW
OpenThreadToken
RegEnumKeyW
RegDeleteValueW
RegCreateKeyW
RegQueryValueExA
UnlockServiceDatabase
ChangeServiceConfigW
LockServiceDatabase
DeleteService
ControlService
StartServiceW
QueryServiceConfig2W
RegOpenKeyExW
QueryServiceStatus
OpenServiceW
EnumServicesStatusW
LookupPrivilegeDisplayNameW
LookupPrivilegeNameW
CloseServiceHandle
EnumServicesStatusExW
OpenSCManagerW
GetAce
GetAclInformation
EqualSid
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
GetSecurityDescriptorDacl
IsValidSecurityDescriptor
FreeSid
SetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
LookupAccountSidW
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegEnumValueW
RegDeleteKeyW
shell32
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetSpecialFolderPathW
CommandLineToArgvW
ExtractIconExW
SHGetMalloc
ShellExecuteExW
ShellExecuteW
ShellExecuteA
DragAcceptFiles
DragQueryFileW
SHChangeNotify
Shell_NotifyIconW
SHGetFileInfoW
DragFinish
SHGetSpecialFolderLocation
SHAppBarMessage
SHBrowseForFolderW
comctl32
ImageList_AddMasked
InitCommonControlsEx
ImageList_ReplaceIcon
shlwapi
PathIsUNCW
PathAppendW
PathFileExistsW
PathIsDirectoryW
StrCmpNA
StrChrW
StrToIntExW
StrStrIW
PathStripToRootW
PathFindFileNameW
UrlUnescapeW
PathFindExtensionW
PathRemoveFileSpecW
StrFormatKBSizeW
uxtheme
GetThemePartSize
DrawThemeText
DrawThemeBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground
OpenThemeData
CloseThemeData
IsAppThemed
GetThemeColor
GetCurrentThemeName
GetThemeSysColor
GetWindowTheme
ole32
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleCreateMenuDescriptor
OleLockRunning
CoInitializeSecurity
CoInitializeEx
CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateInstance
DoDragDrop
CoRegisterMessageFilter
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
ReleaseStgMedium
CreateStreamOnHGlobal
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CoSetProxyBlanket
CoTaskMemAlloc
OleDuplicateData
CoCreateGuid
CLSIDFromProgID
CLSIDFromString
oleaut32
SysAllocString
SysFreeString
VariantClear
VariantInit
VariantChangeType
VariantTimeToSystemTime
VariantTimeToDosDateTime
SysAllocStringLen
SysStringLen
SystemTimeToVariantTime
SafeArrayDestroy
OleCreateFontIndirect
LoadTypeLi
VarBstrFromDate
VariantCopy
oledlg
OleUIBusyW
setupapi
SetupDiOpenDevRegKey
SetupDiGetClassDevsExW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyClassImageList
SetupDiGetClassImageList
SetupDiGetClassImageIndex
SetupDiBuildDriverInfoList
SetupDiEnumDriverInfoW
SetupDiGetDriverInfoDetailW
SetupDiDestroyDeviceInfoList
SetupDiRemoveDevice
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
CM_Get_DevNode_Status
SetupDiDestroyDriverInfoList
SetupDiEnumDeviceInfo
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
wininet
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetQueryOptionW
InternetQueryDataAvailable
InternetOpenUrlW
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetReadFile
HttpQueryInfoW
HttpEndRequestW
InternetWriteFile
HttpSendRequestExW
InternetSetOptionW
InternetCloseHandle
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetSetFilePointer
psapi
EnumProcessModules
GetModuleInformation
GetModuleFileNameExW
netapi32
NetUserEnum
NetApiBufferFree
NetShareDel
NetShareEnum
imagehlp
ImageGetCertificateHeader
crypt32
CertGetNameStringW
CertNameToStrW
ws2_32
inet_ntoa
WSAStartup
WSCEnumProtocols
WSCGetProviderPath
WSACleanup
ntohs
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
gdiplus
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapUnlockBits
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipDeleteGraphics
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipGetImagePixelFormat
GdipDrawImageRectI
imm32
ImmGetContext
ImmGetOpenStatus
ImmReleaseContext
winmm
PlaySoundW
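The import table above is long, and the security-relevant way to read it is by clusters rather than single names. kernel32's OpenProcess / VirtualAllocEx / WriteProcessMemory / CreateRemoteThread (with ReadProcessMemory and VirtualFreeEx) is the classic remote-thread injection set; advapi32's OpenProcessToken / LookupPrivilegeValueW / AdjustTokenPrivileges is the sequence used to enable a privilege such as SeDebugPrivilege before touching other processes; DeviceIoControl next to the setupapi imports points at direct driver communication; OpenSCManagerW / ChangeServiceConfigW / DeleteService / StartServiceW allow service manipulation; SetWindowsHookExW installs message hooks; NetShareDel and NetShareEnum administer SMB shares; the wininet set is a full HTTP client. These are also exactly the APIs a legitimate system or anti-rootkit utility needs, so imports establish capability, not intent. The script below is an added example, not part of the report or the tool, that tags an import listing with such capability groups. The group names, their member APIs and the per-group thresholds are this example's own choices, and the sample dictionary is a constructed subset of the imports listed above.

```python
"""Capability tagging for a PE import list (added example, not from the report).

Maps imported API names to the capability groups an analyst scans an import
table for. Group names and thresholds are this example's own choices.
"""

# label -> (API names without A/W suffix, minimum distinct hits for the tag)
CAPABILITY_GROUPS = {
    "process-injection": ({"OpenProcess", "VirtualAllocEx", "WriteProcessMemory",
                           "CreateRemoteThread", "ReadProcessMemory", "VirtualFreeEx"}, 3),
    "privilege-adjust": ({"OpenProcessToken", "LookupPrivilegeValue",
                          "AdjustTokenPrivileges"}, 3),
    "service-control": ({"OpenSCManager", "OpenService", "ChangeServiceConfig",
                         "StartService", "ControlService", "DeleteService"}, 2),
    "driver-io": ({"DeviceIoControl", "DefineDosDevice", "QueryDosDevice"}, 1),
    "process-enum": ({"CreateToolhelp32Snapshot", "Process32First", "Process32Next",
                      "Module32First", "Module32Next", "EnumProcessModules"}, 2),
    "http-client": ({"InternetOpen", "InternetConnect", "HttpOpenRequest",
                     "HttpSendRequestEx", "InternetReadFile"}, 2),
    "input-hook": ({"SetWindowsHookEx", "CallNextHookEx", "UnhookWindowsHookEx"}, 2),
    "anti-debug": ({"IsDebuggerPresent", "OutputDebugString", "DebugBreak"}, 1),
    "share-admin": ({"NetShareEnum", "NetShareDel", "NetUserEnum"}, 1),
}


def normalize_api(name):
    """Drop a trailing ANSI/Unicode marker: CreateFileA/CreateFileW -> CreateFile.

    Only strips when the preceding character is lowercase or a digit, so
    names such as GetDC or GetACP are left alone.
    """
    if len(name) > 2 and name[-1] in "AW" and (name[-2].islower() or name[-2].isdigit()):
        return name[:-1]
    return name


def tag_capabilities(imports, groups=CAPABILITY_GROUPS):
    """Return {label: sorted matched APIs} for each group whose threshold is met.

    `imports` maps a module name to its imported function names. Thresholds
    stop a single generic API (OpenProcess on its own) from producing a tag.
    """
    present = {normalize_api(fn) for fns in imports.values() for fn in fns}
    tags = {}
    for label, (apis, minimum) in groups.items():
        hits = sorted(apis & present)
        if len(hits) >= minimum:
            tags[label] = hits
    return tags


def render(tags):
    """One line per tag, for pasting into analysis notes."""
    return "\n".join(f"{label}: {', '.join(hits)}" for label, hits in sorted(tags.items()))


# Constructed sample: a subset of the kernel32/advapi32/user32/wininet/netapi32
# imports listed in the report above, keyed by module as the listing groups them.
SAMPLE_IMPORTS = {
    "kernel32": ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread",
                 "ReadProcessMemory", "VirtualFreeEx", "CreateToolhelp32Snapshot",
                 "Process32FirstW", "Process32NextW", "DeviceIoControl", "IsDebuggerPresent",
                 "CreateFileW"],
    "advapi32": ["OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges",
                 "OpenSCManagerW", "OpenServiceW", "ChangeServiceConfigW", "DeleteService"],
    "user32": ["SetWindowsHookExW", "CallNextHookEx"],
    "wininet": ["InternetOpenW", "InternetConnectW", "HttpOpenRequestW", "InternetReadFile"],
    "netapi32": ["NetShareDel"],
}

if __name__ == "__main__":
    print(render(tag_capabilities(SAMPLE_IMPORTS)))
```

Run against the sample, every group fires; run against an import table that only has OpenProcess and CreateFileW, nothing fires, which is the point of the thresholds. Extend the groups with whatever your own triage cares about (for this binary, ImageGetCertificateHeader, WSCEnumProtocols and ExitWindowsEx would be reasonable additions), and treat the output as a list of things to confirm in the behavioral run, not as a verdict.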
Sections
.text Size: 2.8MB - Virtual size: 2.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1.3MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 21KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 192KB - Virtual size: 192KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
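Three of the findings on this page are pure header facts. The "Unsigned PE" signature means the optional header's security data directory (index 4, IMAGE_DIRECTORY_ENTRY_SECURITY) is empty, i.e. no WIN_CERTIFICATE blob is embedded in the file. The DllCharacteristics list shows ASLR (DYNAMIC_BASE) and DEP (NX_COMPAT) enabled, but does not include IMAGE_DLLCHARACTERISTICS_GUARD_CF, so Control Flow Guard was not enabled at link time. The sections are conventional: .text is read/execute, .data is read/write, no section is both writable and executable, and the .data gap between raw size (1.3MB) and virtual size (2.5MB) is ordinary uninitialized data rather than a packer indicator. The parser below is an added example, not the sandbox's code, that reproduces those checks with the standard library only; it builds a header-only PE image in memory (constructed test data, sizes approximating the listed values) instead of reading the sample. Two caveats a practitioner should keep in mind: an empty security directory is a reliable "unsigned" result, but a non-empty one only says a signature blob is present and still has to be verified (WinVerifyTrust, or Get-AuthenticodeSignature in PowerShell); and Windows binaries signed via a security catalog carry no embedded signature at all, so this heuristic reports them as unsigned.

```python
"""Header-level PE triage with the standard library only.

Added example, not part of the sandbox report. Reproduces three checks reflected
on the page: the Authenticode (security) data directory behind "Unsigned PE",
the DllCharacteristics bits, and section permissions.
"""
import struct

DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0100: "NX_COMPAT",
    0x0400: "NO_SEH", 0x4000: "GUARD_CF", 0x8000: "TERMINAL_SERVER_AWARE",
}
SCN_CNT_CODE, SCN_CNT_INITIALIZED_DATA = 0x20, 0x40
SCN_MEM_EXECUTE, SCN_MEM_READ, SCN_MEM_WRITE = 0x20000000, 0x40000000, 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory index of the WIN_CERTIFICATE blob


def analyze_pe(data):
    """Parse DOS/COFF/optional/section headers; return the triage-relevant fields."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    pe32plus = struct.unpack_from("<H", data, opt)[0] == 0x20B
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in PE32 and PE32+
    ndirs_off = opt + (108 if pe32plus else 92)
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    sec_off = sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # For the security directory the first field is a file offset, not an RVA.
        sec_off, sec_size = struct.unpack_from(
            "<II", data, ndirs_off + 4 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsections):
        name, vsize, _, rawsize, _, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize, "flags": flags})
    return {
        "machine": machine, "pe32plus": pe32plus,
        "dll_characteristics": [n for bit, n in sorted(DLL_CHARACTERISTICS.items()) if dll_chars & bit],
        "has_authenticode": sec_size > 0, "security_dir": (sec_off, sec_size),
        "wx_sections": [s["name"] for s in sections
                        if s["flags"] & SCN_MEM_WRITE and s["flags"] & SCN_MEM_EXECUTE],
        "sections": sections,
    }


def triage_findings(info):
    """Turn the parsed fields into the one-line findings a report would list."""
    findings, have = [], set(info["dll_characteristics"])
    if not info["has_authenticode"]:
        findings.append("Unsigned PE: security data directory is empty")
    if "DYNAMIC_BASE" not in have:
        findings.append("No ASLR (DYNAMIC_BASE unset)")
    if "NX_COMPAT" not in have:
        findings.append("No DEP (NX_COMPAT unset)")
    if "GUARD_CF" not in have:
        findings.append("No Control Flow Guard (GUARD_CF unset)")
    if info["wx_sections"]:
        findings.append("Writable and executable sections: " + ", ".join(info["wx_sections"]))
    for s in info["sections"]:
        if s["flags"] & SCN_CNT_CODE and s["raw_size"] and s["virtual_size"] > 2 * s["raw_size"]:
            findings.append(f"Code section {s['name']}: virtual size far exceeds raw size (packer indicator)")
    return findings


def build_pe(dll_chars, sections, security_size=0, pe32plus=False):
    """Construct a header-only PE image for testing (constructed data, no code emitted).

    `sections` is a list of (name, virtual_size, raw_size, characteristics).
    """
    opt_size = 240 if pe32plus else 224
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    ndirs_off = 108 if pe32plus else 92
    struct.pack_into("<I", opt, ndirs_off, 16)
    if security_size:
        struct.pack_into("<II", opt, ndirs_off + 4 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, security_size)
    secs = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, 0x1000 * (i + 1),
                    rawsize, 0x400 * (i + 1), 0, 0, 0, 0, flags)
        for i, (name, vsize, rawsize, flags) in enumerate(sections))
    return dos + b"PE\0\0" + coff + bytes(opt) + secs


# Mirrors the page: DYNAMIC_BASE | NX_COMPAT | TERMINAL_SERVER_AWARE, empty security
# directory, R-X .text and RW- .data. Sizes approximate the listed MB values.
REPORT_LIKE = build_pe(0x0040 | 0x0100 | 0x8000, [
    (".text", 0x2CC000, 0x2CC000, SCN_CNT_CODE | SCN_MEM_EXECUTE | SCN_MEM_READ),
    (".data", 0x280000, 0x14C000, SCN_CNT_INITIALIZED_DATA | SCN_MEM_READ | SCN_MEM_WRITE),
    (".rsrc", 0x130000, 0x130000, SCN_CNT_INITIALIZED_DATA | SCN_MEM_READ),
])

if __name__ == "__main__":
    for line in triage_findings(analyze_pe(REPORT_LIKE)):
        print(line)
```

To run it on the real sample, pass `open(path, "rb").read()` to `analyze_pe` instead of `REPORT_LIKE`. The packer heuristic deliberately looks only at code sections, because a large virtual size for .data, as on this page, is normal.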