General

  • Target

    Poweliks.zip

  • Size

    112KB

  • MD5

    1a1c9e567fb8a496e59ec64a2053282d

  • SHA1

    27f39f2299cd30763edf69ab4a0df7c9904ef40b

  • SHA256

    069f8465baeaa5b1b95e68f68db2a98f59025b9fa88bbcb80fc775d0efd2d67d

  • SHA512

    0c10250e43e4d46e2a82e3f592a453825efd9f6ab99bdf6a47b3a8d0d5ed5dff3a9224fae70111359274c81122e264e0a4eacb120678f71603b2b41f17e01ff0

  • SSDEEP

    3072:7AE0TV7F0otlGdtMcjQYdyBVxsPRc3VOnpJZdj3WmLZOwg:kEaV7NGdtjjpqXsPRjnpF3WaZOwg

Score
3/10

Malware Config

Signatures

  • Unsigned PE 2 IoCs

    Checks for missing Authenticode signature.

Files

  • Poweliks.zip
    .zip

    Password: infected

  • PayloadA.txt
  • PayloadA_decoded.bin
  • ScriptA.txt
    .ps1
  • ScriptB.txt
    .ps1
  • dropper.ex_
    .exe windows:5 windows x86 arch:x86

    5cafa89cc24cd000febd858ff526290b


  • payload.dll
    .dll windows:5 windows x86 arch:x86

    67412f20a27799b0714ecf390d4d1ec5


  • unpacked_dropper.ex_
    .exe .ps1 windows:5 windows x86 arch:x86