PowerDataRecovery[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

PowerDataRecovery.exe
Size

3.2MB
MD5

d3f124ab68c5cc875f50fb1d0039fd52
SHA1

4e716109b323540655d66d74a73bd7fd431df930
SHA256

d5100fdc458ca718b81ff10ec7c07aab4af6524ebe14b08ee431054bb2d81eb0
SHA512

e8f21edc245eb5efab74019df5d0309cf6424c08b5f27fda33372070365e62b471975aed320a5ab08461a0eb18101453f33d72ccf1ee243498c17b7c8c5d16cb
SSDEEP

98304:cazIednO6VwTGG+/9IsSUl7vo/tNolPl0T4KEfUJt:FzDdnOYeGZ1IgvoDs90T7Jt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PowerDataRecovery.exe

Files

PowerDataRecovery.exe
.exe windows:5 windows x64 arch:x64

c310141fbad06a4d0951e4ae28bae35b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

powerdatarecoverycore

??1KMemoryPool@@UEAA@XZ

ikernel

klog_log

qt5core

?qrand@@YAHXZ

qt5gui

??1QPen@@QEAA@XZ

qt5widgets

??1QMenu@@UEAA@XZ

qt5network

??1QSslError@@QEAA@XZ

user32

GetDC

gdi32

DeleteDC

advapi32

RegCloseKey

shell32

ord155

ole32

OleRun

oleaut32

VariantClear

avcodec-58

av_dup_packet

avfilter-7

avfilter_link

avformat-58

av_read_frame

avutil-56

av_log

sdl2

SDL_Quit

swresample-3

swr_free

swscale-5

sws_scale

qpdf

??1QPdfView@@UEAA@XZ

fvformatsupport

CCellsFormat

msvcr120

rand

msvcp120

_Thrd_detach

propsys

PSGetPropertyKeyFromName

mpr

WNetCloseEnum

libeay32

ord66

libcurl

curl_easy_init

Sections

.MPRESS1
Size: 3.1MB - Virtual size: 7.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c310141fbad06a4d0951e4ae28bae35b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

powerdatarecoverycore

ikernel

qt5core

qt5gui

qt5widgets

qt5network

user32

gdi32

advapi32

shell32

ole32

oleaut32

avcodec-58

avfilter-7

avformat-58

avutil-56

sdl2

swresample-3

swscale-5

qpdf

fvformatsupport

msvcr120

msvcp120

propsys

mpr

libeay32

libcurl

Sections

.MPRESS1 Size: 3.1MB - Virtual size: 7.2MB

.MPRESS2 Size: 5KB - Virtual size: 4KB

.rsrc Size: 182KB - Virtual size: 182KB

.MPRESS1
Size: 3.1MB - Virtual size: 7.2MB

.MPRESS2
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 182KB - Virtual size: 182KB