PowerToysSetup-0[.]36[.]0-x64[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

PowerToysSetup-0.36.0-x64.exe
Size

37.4MB
MD5

29a85b6f71cae72aca54be8ab24f25e9
SHA1

485c63819aef4a99164444486207acab73f87f51
SHA256

6191c8b0781406622b24ad93ef58f7880ef67bae6e165b6b7c693c8d8ecbb951
SHA512

5a9f4697dc9b7801fddddb0dccbf8ee5faba4d354d0ac1a05e8782663a741880e102993935c1f44fbc3fd60e59d7af472de71d54cea81ca0d4c84f81f16a4ccb
SSDEEP

786432:YWBa9SRyqNe7f9dG68fuy6oZdJbM/GDEYKXlMZ4jNfSrLFdE0i:YWBa9Sd07frSJemZYNfALi

Score

1^/10

Malware Config

Signatures

Files

PowerToysSetup-0.36.0-x64.exe
.exe windows:6 windows x64

f6db99841921f3cd8771bf816e45f5a3

Code Sign

33:00:00:01:e0:71:73:24:ca:5c:98:f8:19:00:00:00:00:01:e0
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:31

Not After

02/12/2021, 21:31

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f7:cd:8c:be:9b:3a:59:82:8d:f8:d8:76:5c:97:d8:5c:f6:38:86:82:bc:ad:49:81:dc:bd:5f:ec:86:e4:27:8f
Signer

Actual PE Digest

f7:cd:8c:be:9b:3a:59:82:8d:f8:d8:76:5c:97:d8:5c:f6:38:86:82:bc:ad:49:81:dc:bd:5f:ec:86:e4:27:8f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-processthreads-l1-1-0

ExitThread
GetCurrentThreadId
OpenProcessToken
GetCurrentProcess
GetExitCodeProcess
TerminateProcess
SwitchToThread
GetExitCodeThread
GetCurrentProcessId
GetCurrentThread
TlsGetValue
TlsSetValue
TlsFree
CreateProcessW
GetThreadPriority
CreateThread
SetThreadPriority
TlsAlloc

api-ms-win-core-localization-l1-2-0

IsValidCodePage
GetCPInfo
GetACP
FormatMessageW
GetLocaleInfoW

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateString

api-ms-win-core-synch-l1-1-0

ReleaseMutex
CreateMutexW
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
WaitForSingleObject
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
CreateEventW
CreateSemaphoreExW
ReleaseSemaphore
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
ResetEvent

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess
GetThreadTimes

api-ms-win-core-psapi-l1-1-0

K32EnumProcesses

oleaut32

SysAllocString
SysFreeString
SetErrorInfo
SysStringLen
GetErrorInfo

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-processenvironment-l1-1-0

SetEnvironmentVariableW
GetCommandLineA
GetStdHandle
FreeEnvironmentStringsW
SetStdHandle
GetCommandLineW
GetCurrentDirectoryW
GetEnvironmentStringsW

api-ms-win-core-heap-l1-1-0

HeapSize
HeapReAlloc
GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleFileNameA
FreeLibraryAndExitThread
GetModuleFileNameW
GetProcAddress

msi

ord70
ord113
ord169
ord88
ord173
ord205
ord141

shlwapi

PathFindFileNameW

comctl32

InitCommonControlsEx

kernel32

SizeofResource
CreateFileA
LCMapStringW
AreFileApisANSI
CreateFileW
GetFileInformationByHandle
GetOEMCP
EnumSystemLocalesW
LoadResource
LockResource
GetPackageFamilyName
GetTimeFormatW
GetDateFormatW
ExitProcess
LoadLibraryW
UnregisterWaitEx
VirtualProtect
VirtualAlloc
LoadLibraryExW
GetModuleHandleA
UnregisterWait
RegisterWaitForSingleObject
GetUserDefaultLCID
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
CreateTimerQueue
GetStartupInfoW
UnhandledExceptionFilter
RtlVirtualUnwind
CompareStringW
FindResourceW
IsValidLocale
RtlCaptureContext
K32GetProcessImageFileNameW
GetModuleHandleExW
GetModuleHandleW

user32

GetWindowLongPtrW
SendMessageW
DestroyWindow
PostQuitMessage
DefWindowProcW
LoadIconW
RegisterClassExW
GetClientRect
CreateWindowExW
UpdateWindow
SendInput
SetForegroundWindow
GetActiveWindow
MessageBoxW
LoadStringW
GetDesktopWindow
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
SetTimer
ShowWindow
MessageBoxA

gdi32

SetBkColor
SetTextColor
CreateSolidBrush

advapi32

GetUserNameW

shell32

SHGetKnownFolderPath
ShellExecuteExW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoGetApartmentType
CoGetObjectContext
CoCreateFreeThreadedMarshaler

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec

api-ms-win-core-file-l1-1-0

GetFileAttributesExW
RemoveDirectoryW
FindFirstFileExW
SetFilePointerEx
FindClose
DeleteFileW
ReadFile
FindNextFileW
CreateDirectoryW
SetEndOfFile
GetFileType
FlushFileBuffers
WriteFile
GetFileAttributesW

api-ms-win-core-io-l1-1-1

CancelIo
GetOverlappedResultEx

api-ms-win-core-kernel32-legacy-l1-1-0

CreateNamedPipeA

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-file-l1-2-2

GetTempFileNameA

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation
GetDynamicTimeZoneInformation

api-ms-win-core-synch-l1-2-0

SignalObjectAndWait
Sleep

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW

api-ms-win-core-console-l1-1-0

WriteConsoleA
ReadConsoleW
GetConsoleCP
WriteConsoleW
GetConsoleMode

api-ms-win-core-console-l2-1-0

SetConsoleTextAttribute
GetConsoleScreenBufferInfo

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-rtlsupport-l1-1-0

RtlUnwind
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetLogicalProcessorInformation
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-interlocked-l1-1-0

InterlockedPopEntrySList
InitializeSListHead
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList

api-ms-win-core-processtopology-obsolete-l1-1-0

SetThreadAffinityMask
GetProcessAffinityMask

api-ms-win-core-memory-l1-1-0

VirtualFree

api-ms-win-core-winrt-error-l1-1-0

GetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

RoOriginateLanguageException

api-ms-win-core-winrt-l1-1-0

RoInitialize

api-ms-win-core-threadpool-l1-2-0

TrySubmitThreadpoolCallback

Sections

.text
Size: 688KB - Virtual size: 687KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 207KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 36.5MB - Virtual size: 36.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f6db99841921f3cd8771bf816e45f5a3

Code Sign

33:00:00:01:e0:71:73:24:ca:5c:98:f8:19:00:00:00:00:01:e0Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

f7:cd:8c:be:9b:3a:59:82:8d:f8:d8:76:5c:97:d8:5c:f6:38:86:82:bc:ad:49:81:dc:bd:5f:ec:86:e4:27:8fSigner

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-core-debug-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-psapi-l1-1-0

oleaut32

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

msi

shlwapi

comctl32

kernel32

user32

gdi32

advapi32

shell32

version

api-ms-win-core-com-l1-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-io-l1-1-1

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-file-l1-2-2

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-console-l2-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-processtopology-obsolete-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-threadpool-l1-2-0

Sections

.text Size: 688KB - Virtual size: 687KB

.rdata Size: 207KB - Virtual size: 206KB

.data Size: 30KB - Virtual size: 40KB

.pdata Size: 37KB - Virtual size: 36KB

_RDATA Size: 512B - Virtual size: 256B

.rsrc Size: 36.5MB - Virtual size: 36.5MB

.reloc Size: 7KB - Virtual size: 6KB

33:00:00:01:e0:71:73:24:ca:5c:98:f8:19:00:00:00:00:01:e0
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

f7:cd:8c:be:9b:3a:59:82:8d:f8:d8:76:5c:97:d8:5c:f6:38:86:82:bc:ad:49:81:dc:bd:5f:ec:86:e4:27:8f
Signer

.text
Size: 688KB - Virtual size: 687KB

.rdata
Size: 207KB - Virtual size: 206KB

.data
Size: 30KB - Virtual size: 40KB

.pdata
Size: 37KB - Virtual size: 36KB

_RDATA
Size: 512B - Virtual size: 256B

.rsrc
Size: 36.5MB - Virtual size: 36.5MB

.reloc
Size: 7KB - Virtual size: 6KB