powder[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

powder.exe
Size

6.9MB
MD5

f3f568fd6e27a5dcd78d203019e87b18
SHA1

065968ee29b0e67d9562e26f5c8144ed49313c42
SHA256

f5a90219f60217ffde102eee7c674dbc093f819849638618464ef6401b7eb798
SHA512

5db11dedda6963680f2626658fbe0eb547314f77fd4ed2876b994b49382aecdff6e72b2b5fa3e0a0d163e665a8dfb39f80638b0a29d25231cad1ac3cf3dccd90
SSDEEP

98304:08X3pAukdI/rqwZUrhuKVhq1aTW3z8u0LYbL80/2uN7H:0+Vk+uZVhq1aK3zP00v809

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
powder.exe

Files

powder.exe
.exe windows:6 windows x64

af0f30e9f14e140813d09a01b0cad475

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

imm32

ImmReleaseContext
ImmAssociateContext
ImmGetCompositionStringW
ImmSetCompositionStringW
ImmGetCandidateListW
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetIMEFileNameA
ImmGetContext

winmm

timeEndPeriod
timeBeginPeriod

wsock32

send
inet_ntoa
listen
htonl
accept
WSACleanup
WSAStartup
select
__WSAFDIsSet
WSASetLastError
recv
ntohs
getsockopt
getsockname
getpeername
connect
bind
socket
htons
WSAGetLastError
closesocket
setsockopt

ws2_32

WSACreateEvent
WSAEnumNetworkEvents
freeaddrinfo
getaddrinfo
inet_ntop
inet_pton
WSAIoctl
WSAWaitForMultipleEvents
WSASetEvent
WSAResetEvent
WSAEventSelect
WSACloseEvent

crypt32

CertEnumCertificatesInStore
CertOpenSystemStoreW
CertFreeCertificateContext
CertCloseStore
CryptBinaryToStringA

kernel32

GetModuleFileNameW
GetFileAttributesW
GetACP
MultiByteToWideChar
MoveFileExW
SetConsoleCP
WideCharToMultiByte
SetConsoleOutputCP
GetTickCount
ExitProcess
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
QueryPerformanceFrequency
CreateDirectoryW
CreateFileW
GetFileSizeEx
ReadFile
SetFilePointer
SetFilePointerEx
WriteFile
CloseHandle
SetErrorMode
WaitForSingleObjectEx
GetModuleHandleW
GetProcAddress
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
SetThreadExecutionState
GetEnvironmentVariableA
IsDebuggerPresent
RaiseException
CreateThread
GetCurrentThread
SetThreadPriority
FreeLibrary
LoadLibraryW
MulDiv
GetModuleHandleExW
ReleaseSemaphore
CreateSemaphoreW
VerSetConditionMask
LoadLibraryExW
FormatMessageW
VerifyVersionInfoW
GlobalAlloc
GlobalUnlock
GlobalLock
CompareStringA
TlsAlloc
TlsGetValue
TlsSetValue
RtlUnwindEx
VirtualFree
GetFileAttributesExW
GetModuleHandleA
InitializeCriticalSection
WaitForSingleObject
LoadLibraryExA
GetModuleFileNameA
GetModuleHandleExA
FormatMessageA
VirtualAlloc
VirtualProtect
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
SleepEx
GetSystemDirectoryA
LoadLibraryA
MoveFileExA
ReleaseMutex
CreateMutexA
FindClose
FindFirstFileW
FindNextFileW
lstrlenW
GetSystemTimeAsFileTime
FreeLibraryAndExitThread
ExitThread
CreateProcessW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetEnvironmentVariableW
GetFullPathNameW
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
RemoveDirectoryW
DeleteFileW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
WriteConsoleW
GetFileType
GetStdHandle
SetConsoleCtrlHandler
RtlPcToFileHeader
InterlockedFlushSList
InterlockedPushEntrySList
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
DecodePointer
EncodePointer
TlsFree
GetStringTypeW
GetExitCodeThread
SwitchToThread
GetConsoleOutputCP
DuplicateHandle
InitializeSListHead
GetCurrentProcessId
GetStartupInfoW
CreateEventW
ResetEvent
SetEvent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapAlloc
HeapFree
GetTempPathW
FlsAlloc
CreatePipe
SetEndOfFile
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
HeapSize
CreateTimerQueue
SignalObjectAndWait
GetThreadPriority
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
Sleep
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
GetVersionExW
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
SetLastError
GetLastError
GetExitCodeProcess
HeapReAlloc
GetTimeZoneInformation
FlushFileBuffers
SetStdHandle
EnumSystemLocalesW
IsValidLocale
GetConsoleMode
GetUserDefaultLCID
LocalFree
ReadConsoleW
VirtualQuery
RtlUnwind
GetTimeFormatW

user32

EnumDisplaySettingsW
ChangeDisplaySettingsExW
MapVirtualKeyW
ToUnicode
GetKeyboardLayout
IsClipboardFormatAvailable
EmptyClipboard
GetClipboardData
SetClipboardData
GetClipboardSequenceNumber
CloseClipboard
OpenClipboard
GetRawInputData
DestroyIcon
LoadIconW
CallNextHookEx
GetCursorPos
SetCursor
GetPropW
ValidateRect
InvalidateRect
GetUpdateRect
KillTimer
MonitorFromPoint
EnumDisplayMonitors
SetCapture
ReleaseCapture
SetCursorPos
LoadCursorW
EnumDisplayDevicesW
SetTimer
GetAsyncKeyState
GetKeyState
IsIconic
CopyImage
CreateIconIndirect
GetClassInfoExW
RegisterClassExW
CallWindowProcW
GetMessageExtraInfo
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
TrackMouseEvent
RegisterRawInputDevices
MonitorFromWindow
MonitorFromRect
CreateIconFromResource
UnhookWindowsHookEx
SetWindowsHookExW
GetWindowThreadProcessId
GetParent
SetWindowLongW
GetWindowLongW
PtInRect
IsRectEmpty
IntersectRect
ClipCursor
ScreenToClient
ClientToScreen
GetClipCursor
AdjustWindowRectEx
GetWindowRect
GetClientRect
GetWindowTextLengthW
GetWindowTextW
RemovePropW
SetPropW
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
GetMenu
GetKeyboardState
GetFocus
SetWindowPos
FlashWindowEx
SetLayeredWindowAttributes
ShowWindow
DestroyWindow
CreateWindowExW
UnregisterClassW
RegisterClassW
DefWindowProcW
AttachThreadInput
SendMessageW
SystemParametersInfoW
SystemParametersInfoA
SetWindowLongPtrW
GetWindowLongPtrW
ReleaseDC
GetDC
DrawTextW
GetSystemMetrics
SetFocus
GetDlgItem
EndDialog
DialogBoxIndirectParamW
PostMessageW
RegisterWindowMessageA
GetDoubleClickTime
GetMonitorInfoW
SetWindowRgn
SetWindowTextW

gdi32

CreateCompatibleBitmap
GetDIBits
CreateBitmap
ChoosePixelFormat
DescribePixelFormat
CreateDIBSection
SetPixelFormat
SwapBuffers
BitBlt
CombineRgn
CreateRectRgn
DeleteObject
SetDeviceGammaRamp
GetDeviceGammaRamp
GetICMProfileW
CreateDCW
GetTextMetricsW
SelectObject
CreateFontIndirectW
GetTextExtentPoint32A
GetDeviceCaps
DeleteDC
GetPixelFormat
CreateCompatibleDC

shell32

CommandLineToArgvW
ExtractIconExW
DragFinish
DragQueryFileW
DragAcceptFiles
SHGetFolderPathW
ShellExecuteW

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString

advapi32

CryptGetHashParam
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
CryptGenRandom
CryptDestroyHash
CryptHashData
CryptCreateHash
RegSetValueExW
CryptReleaseContext
CryptAcquireContextA

bcrypt

BCryptGenRandom

Exports

Exports

__swprintf_l
__vswprintf_l
_fprintf_l
_fprintf_p
_fprintf_p_l
_fprintf_s_l
_fscanf_l
_fscanf_s_l
_fwprintf_l
_fwprintf_p
_fwprintf_p_l
_fwprintf_s_l
_fwscanf_l
_fwscanf_s_l
_printf_l
_printf_p
_printf_p_l
_printf_s_l
_scanf_l
_scanf_s_l
_scprintf
_scprintf_l
_scprintf_p
_scprintf_p_l
_scwprintf
_scwprintf_l
_scwprintf_p
_scwprintf_p_l
_snprintf
_snprintf_c
_snprintf_c_l
_snprintf_l
_snprintf_s
_snprintf_s_l
_snscanf
_snscanf_l
_snscanf_s
_snscanf_s_l
_snwprintf
_snwprintf_l
_snwprintf_s
_snwprintf_s_l
_snwscanf
_snwscanf_l
_snwscanf_s
_snwscanf_s_l
_sprintf_l
_sprintf_p
_sprintf_p_l
_sprintf_s_l
_sscanf_l
_sscanf_s_l
_swprintf
_swprintf_c
_swprintf_c_l
_swprintf_l
_swprintf_p
_swprintf_p_l
_swprintf_s_l
_swscanf_l
_swscanf_s_l
_vfprintf_l
_vfprintf_p
_vfprintf_p_l
_vfprintf_s_l
_vfscanf_l
_vfscanf_s_l
_vfwprintf_l
_vfwprintf_p
_vfwprintf_p_l
_vfwprintf_s_l
_vfwscanf_l
_vfwscanf_s_l
_vprintf_l
_vprintf_p
_vprintf_p_l
_vprintf_s_l
_vscanf_l
_vscanf_s_l
_vscprintf
_vscprintf_l
_vscprintf_p
_vscprintf_p_l
_vscwprintf
_vscwprintf_l
_vscwprintf_p
_vscwprintf_p_l
_vsnprintf
_vsnprintf_c
_vsnprintf_c_l
_vsnprintf_l
_vsnprintf_s
_vsnprintf_s_l
_vsnwprintf
_vsnwprintf_l
_vsnwprintf_s
_vsnwprintf_s_l
_vsnwscanf_l
_vsnwscanf_s_l
_vsprintf_l
_vsprintf_p
_vsprintf_p_l
_vsprintf_s_l
_vsscanf_l
_vsscanf_s_l
_vswprintf
_vswprintf_c
_vswprintf_c_l
_vswprintf_l
_vswprintf_p
_vswprintf_p_l
_vswprintf_s_l
_vswscanf_l
_vswscanf_s_l
_vwprintf_l
_vwprintf_p
_vwprintf_p_l
_vwprintf_s_l
_vwscanf_l
_vwscanf_s_l
_wprintf_l
_wprintf_p
_wprintf_p_l
_wprintf_s_l
_wscanf_l
_wscanf_s_l
fprintf
fprintf_s
fscanf
fscanf_s
fwprintf
fwprintf_s
fwscanf
fwscanf_s
printf
printf_s
scanf
scanf_s
snprintf
sprintf
sprintf_s
sscanf
sscanf_s
swprintf
swprintf_s
swscanf
swscanf_s
vfprintf
vfprintf_s
vfscanf
vfscanf_s
vfwprintf
vfwprintf_s
vfwscanf
vfwscanf_s
vprintf
vprintf_s
vscanf
vscanf_s
vsnprintf
vsnprintf_s
vsprintf
vsprintf_s
vsscanf
vsscanf_s
vswprintf
vswprintf_s
vswscanf
vswscanf_s
vwprintf
vwprintf_s
vwscanf
vwscanf_s
wprintf
wprintf_s
wscanf
wscanf_s

Sections

.text
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 114KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 193KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

af0f30e9f14e140813d09a01b0cad475

Headers

DLL Characteristics

File Characteristics

Imports

version

imm32

winmm

wsock32

ws2_32

crypt32

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

bcrypt

Exports

Exports

Sections

.text Size: 4.9MB - Virtual size: 4.9MB

.rdata Size: 1.6MB - Virtual size: 1.6MB

.data Size: 114KB - Virtual size: 172KB

.pdata Size: 193KB - Virtual size: 192KB

.gxfg Size: 20KB - Virtual size: 20KB

.gehcont Size: 512B - Virtual size: 36B

_RDATA Size: 5KB - Virtual size: 4KB

.rsrc Size: 57KB - Virtual size: 56KB

.reloc Size: 21KB - Virtual size: 21KB

.text
Size: 4.9MB - Virtual size: 4.9MB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 114KB - Virtual size: 172KB

.pdata
Size: 193KB - Virtual size: 192KB

.gxfg
Size: 20KB - Virtual size: 20KB

.gehcont
Size: 512B - Virtual size: 36B

_RDATA
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 57KB - Virtual size: 56KB

.reloc
Size: 21KB - Virtual size: 21KB