PowerMDI[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

PowerMDI.exe
Size

399KB
MD5

c40dfcaae03c58d49d72cacb49701e93
SHA1

7fd8ce68324898f2d6bd8a356cb4f53681665683
SHA256

ccec9884aa38c40eeb4802b702e57ea31fcb150c871f8e2279303759b7eedeb8
SHA512

d73ce210ec8e13b07db32fc67a1115e1a15dcef517e0aeb05334ea1f226179e8cedf0329b177d11f9dad43c5c1e31c3d8f63da430ff42e236d2d1dfc536c7b10
SSDEEP

6144:g2rpx3bjghCZf+i4cbVHdz6P2iKQGKR6NfX8ILOqg/2SihAK:BrpE+dzhGjR6tnk2SiAK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PowerMDI.exe

Files

PowerMDI.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 368KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ