powder (4)[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

powder (4).exe
Size

6.5MB
MD5

f8312d5d70d4725472b87d64b74dae34
SHA1

a658d40048badcfe2bface9056e90c478c5550a5
SHA256

2a8230b6dd7f9b8da569ed1a1fee2791a136136dee9bc70cc0c6b6ba2f98a1bd
SHA512

e7eff091b26227b3b01f0a0ae5fc4c91b638d01b14355a85614a747b4b385bba0c4f41739fd816c338f10883d600cc143154d568561816090cae1ebcdd368b2d
SSDEEP

98304:T/jmGei38gEV46KJKmAedCq1a1RzqoVoihdJcjcQ:TpeisgHoedCq1aD7iiLJcgQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
powder (4).exe

Files

powder (4).exe
.exe windows:6 windows x64

5435b6157dcce3200534abee59069836

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

imm32

ImmReleaseContext
ImmAssociateContext
ImmGetCompositionStringW
ImmSetCompositionStringW
ImmGetCandidateListW
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetIMEFileNameA
ImmGetContext

winmm

timeEndPeriod
timeBeginPeriod

wsock32

inet_ntoa
listen
htonl
accept
WSACleanup
WSAStartup
select
__WSAFDIsSet
WSASetLastError
recv
ntohs
getsockopt
getsockname
getpeername
connect
bind
socket
htons
WSAGetLastError
closesocket
setsockopt
send

ws2_32

freeaddrinfo
getaddrinfo
WSACloseEvent
inet_pton
WSAIoctl
WSAWaitForMultipleEvents
WSASetEvent
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
inet_ntop

crypt32

CryptQueryObject
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CertGetCertificateChain
CryptDecodeObjectEx

kernel32

GetModuleFileNameW
GetFileAttributesW
GetACP
MultiByteToWideChar
GetLastError
MoveFileExW
SetConsoleCP
WideCharToMultiByte
SetConsoleOutputCP
GetTickCount
ExitProcess
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
QueryPerformanceFrequency
CreateDirectoryW
CreateFileW
GetFileSizeEx
ReadFile
SetFilePointer
SetFilePointerEx
WriteFile
CloseHandle
SetErrorMode
WaitForSingleObjectEx
GetModuleHandleW
GetProcAddress
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
SetThreadExecutionState
GetEnvironmentVariableA
IsDebuggerPresent
RaiseException
CreateThread
GetCurrentThread
SetThreadPriority
FreeLibrary
LoadLibraryW
MulDiv
GetModuleHandleExW
ReleaseSemaphore
CreateSemaphoreW
VerSetConditionMask
LoadLibraryExW
FormatMessageW
VerifyVersionInfoW
GlobalAlloc
CreatePipe
GlobalLock
CompareStringA
TlsAlloc
TlsGetValue
TlsSetValue
RtlUnwindEx
VirtualFree
VirtualQuery
GetModuleHandleA
InitializeCriticalSection
WaitForSingleObject
LoadLibraryExA
GetModuleFileNameA
GetModuleHandleExA
FormatMessageA
VirtualAlloc
VirtualProtect
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
SleepEx
GetSystemDirectoryA
LoadLibraryA
MoveFileExA
CreateFileA
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetSystemTimeAsFileTime
ExitThread
CreateProcessW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetEnvironmentVariableW
GetFullPathNameW
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
RemoveDirectoryW
DeleteFileW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindNextFileW
FindFirstFileExW
FindClose
WriteConsoleW
GetFileType
GetStdHandle
SetConsoleCtrlHandler
RtlPcToFileHeader
InterlockedFlushSList
InterlockedPushEntrySList
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
DecodePointer
HeapFree
EncodePointer
TlsFree
GetStringTypeW
GetExitCodeThread
SwitchToThread
DuplicateHandle
InitializeSListHead
GetCurrentProcessId
GetStartupInfoW
CreateEventW
ResetEvent
SetEvent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTempPathW
FlsAlloc
SetEndOfFile
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
HeapSize
CreateTimerQueue
SignalObjectAndWait
GetThreadPriority
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
Sleep
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
GetVersionExW
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
SetLastError
GetFileAttributesExW
GetExitCodeProcess
HeapReAlloc
GetTimeZoneInformation
FlushFileBuffers
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
FreeLibraryAndExitThread
IsValidLocale
LocalFree
HeapAlloc
GlobalUnlock
RtlUnwind
GetTimeFormatW

user32

EnumDisplaySettingsW
ChangeDisplaySettingsExW
MapVirtualKeyW
ToUnicode
GetKeyboardLayout
IsClipboardFormatAvailable
EmptyClipboard
GetClipboardData
SetClipboardData
GetClipboardSequenceNumber
CloseClipboard
OpenClipboard
GetRawInputData
DestroyIcon
LoadIconW
CallNextHookEx
GetCursorPos
SetCursor
GetPropW
ValidateRect
InvalidateRect
GetUpdateRect
MonitorFromPoint
EnumDisplayMonitors
SetCapture
ReleaseCapture
SetCursorPos
LoadCursorW
EnumDisplayDevicesW
KillTimer
SetTimer
GetAsyncKeyState
GetKeyState
CopyImage
CreateIconIndirect
IsIconic
GetClassInfoExW
RegisterClassExW
CallWindowProcW
GetMessageExtraInfo
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
TrackMouseEvent
RegisterRawInputDevices
MonitorFromWindow
MonitorFromRect
CreateIconFromResource
UnhookWindowsHookEx
SetWindowsHookExW
GetWindowThreadProcessId
GetParent
SetWindowLongW
GetWindowLongW
PtInRect
IsRectEmpty
IntersectRect
ClipCursor
ScreenToClient
ClientToScreen
GetClipCursor
AdjustWindowRectEx
GetWindowRect
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RemovePropW
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
GetMenu
GetKeyboardState
GetFocus
SetWindowPos
FlashWindowEx
SetLayeredWindowAttributes
ShowWindow
DestroyWindow
CreateWindowExW
UnregisterClassW
RegisterClassW
DefWindowProcW
AttachThreadInput
SendMessageW
SystemParametersInfoW
SystemParametersInfoA
SetWindowLongPtrW
GetWindowLongPtrW
ReleaseDC
GetDC
DrawTextW
GetSystemMetrics
SetFocus
GetDlgItem
EndDialog
DialogBoxIndirectParamW
PostMessageW
RegisterWindowMessageA
GetDoubleClickTime
GetMonitorInfoW
SetWindowRgn
SetPropW

gdi32

CreateRectRgn
BitBlt
SwapBuffers
SetPixelFormat
GetPixelFormat
DescribePixelFormat
ChoosePixelFormat
CreateBitmap
GetDIBits
CreateCompatibleBitmap
CreateDIBSection
CreateFontIndirectW
CombineRgn
DeleteObject
SetDeviceGammaRamp
GetDeviceGammaRamp
GetICMProfileW
CreateDCW
GetTextMetricsW
SelectObject
GetTextExtentPoint32A
GetDeviceCaps
DeleteDC
CreateCompatibleDC

shell32

CommandLineToArgvW
ExtractIconExW
DragFinish
DragQueryFileW
DragAcceptFiles
SHGetFolderPathW
ShellExecuteW

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString

advapi32

RegSetValueExW
RegDeleteKeyW
RegCloseKey
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
RegCreateKeyExW

bcrypt

BCryptGenRandom

Exports

Exports

__swprintf_l
__vswprintf_l
_fprintf_l
_fprintf_p
_fprintf_p_l
_fprintf_s_l
_fscanf_l
_fscanf_s_l
_fwprintf_l
_fwprintf_p
_fwprintf_p_l
_fwprintf_s_l
_fwscanf_l
_fwscanf_s_l
_printf_l
_printf_p
_printf_p_l
_printf_s_l
_scanf_l
_scanf_s_l
_scprintf
_scprintf_l
_scprintf_p
_scprintf_p_l
_scwprintf
_scwprintf_l
_scwprintf_p
_scwprintf_p_l
_snprintf
_snprintf_c
_snprintf_c_l
_snprintf_l
_snprintf_s
_snprintf_s_l
_snscanf
_snscanf_l
_snscanf_s
_snscanf_s_l
_snwprintf
_snwprintf_l
_snwprintf_s
_snwprintf_s_l
_snwscanf
_snwscanf_l
_snwscanf_s
_snwscanf_s_l
_sprintf_l
_sprintf_p
_sprintf_p_l
_sprintf_s_l
_sscanf_l
_sscanf_s_l
_swprintf
_swprintf_c
_swprintf_c_l
_swprintf_l
_swprintf_p
_swprintf_p_l
_swprintf_s_l
_swscanf_l
_swscanf_s_l
_vfprintf_l
_vfprintf_p
_vfprintf_p_l
_vfprintf_s_l
_vfscanf_l
_vfscanf_s_l
_vfwprintf_l
_vfwprintf_p
_vfwprintf_p_l
_vfwprintf_s_l
_vfwscanf_l
_vfwscanf_s_l
_vprintf_l
_vprintf_p
_vprintf_p_l
_vprintf_s_l
_vscanf_l
_vscanf_s_l
_vscprintf
_vscprintf_l
_vscprintf_p
_vscprintf_p_l
_vscwprintf
_vscwprintf_l
_vscwprintf_p
_vscwprintf_p_l
_vsnprintf
_vsnprintf_c
_vsnprintf_c_l
_vsnprintf_l
_vsnprintf_s
_vsnprintf_s_l
_vsnwprintf
_vsnwprintf_l
_vsnwprintf_s
_vsnwprintf_s_l
_vsnwscanf_l
_vsnwscanf_s_l
_vsprintf_l
_vsprintf_p
_vsprintf_p_l
_vsprintf_s_l
_vsscanf_l
_vsscanf_s_l
_vswprintf
_vswprintf_c
_vswprintf_c_l
_vswprintf_l
_vswprintf_p
_vswprintf_p_l
_vswprintf_s_l
_vswscanf_l
_vswscanf_s_l
_vwprintf_l
_vwprintf_p
_vwprintf_p_l
_vwprintf_s_l
_vwscanf_l
_vwscanf_s_l
_wprintf_l
_wprintf_p
_wprintf_p_l
_wprintf_s_l
_wscanf_l
_wscanf_s_l
fprintf
fprintf_s
fscanf
fscanf_s
fwprintf
fwprintf_s
fwscanf
fwscanf_s
printf
printf_s
scanf
scanf_s
snprintf
sprintf
sprintf_s
sscanf
sscanf_s
swprintf
swprintf_s
swscanf
swscanf_s
vfprintf
vfprintf_s
vfscanf
vfscanf_s
vfwprintf
vfwprintf_s
vfwscanf
vfwscanf_s
vprintf
vprintf_s
vscanf
vscanf_s
vsnprintf
vsnprintf_s
vsprintf
vsprintf_s
vsscanf
vsscanf_s
vswprintf
vswprintf_s
vswscanf
vswscanf_s
vwprintf
vwprintf_s
vwscanf
vwscanf_s
wprintf
wprintf_s
wscanf
wscanf_s

Sections

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 114KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5435b6157dcce3200534abee59069836

Headers

DLL Characteristics

File Characteristics

Imports

version

imm32

winmm

wsock32

ws2_32

crypt32

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

bcrypt

Exports

Exports

Sections

.text Size: 4.6MB - Virtual size: 4.6MB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: 114KB - Virtual size: 158KB

.pdata Size: 177KB - Virtual size: 177KB

.gxfg Size: 20KB - Virtual size: 20KB

.gehcont Size: 512B - Virtual size: 36B

_RDATA Size: 5KB - Virtual size: 4KB

.rsrc Size: 57KB - Virtual size: 56KB

.reloc Size: 19KB - Virtual size: 18KB

.text
Size: 4.6MB - Virtual size: 4.6MB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 114KB - Virtual size: 158KB

.pdata
Size: 177KB - Virtual size: 177KB

.gxfg
Size: 20KB - Virtual size: 20KB

.gehcont
Size: 512B - Virtual size: 36B

_RDATA
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 57KB - Virtual size: 56KB

.reloc
Size: 19KB - Virtual size: 18KB