PowerMDI[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

PowerMDI.exe
Size

416KB
MD5

1f77e8fa25f943d5661124b504a9f8e6
SHA1

dfee50db0b20beae06c372aa6ec56883cd618665
SHA256

eacd00d604196661dd9b4e892ab5588775ed4a7e1b922c827d222581fc36be0d
SHA512

6bf8bb59e1276f8fb263d80e6efb244d81dcb7d62cc52a1a4ea130db67ec2e3680d9e80d45eced8565f3184e00ca9d6d58b995b44eb65eefaaa3919d0b469e81
SSDEEP

6144:k2Umte/JfJ/Jfz7sRKfrI2KQ1K6p3RcILeagf2S7qcA0qtU:1UbrIC46/nE2SjAw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PowerMDI.exe

Files

PowerMDI.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 385KB - Virtual size: 385KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ