Report - PowerRun.exe

PowerShell MZ Generic Malware Malicious Library Antivirus PE File OS Processor Check PE32
Created 2021.09.30 10:00 Machine s1_win7_x6401
Filename PowerRun.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score
2
Behavior Score
2.2
ZERO API (file): clean
VT API (file)
md5 71c7975385f73ae32b06f69dbe79290b
sha256 c0abbeea8ae726503bc5643f3471e378d92fcb59a37043062bbf9ba64d95004c
ssdeep 12288:XaWzgMg7v3qnCi9ErQohh0F4fCJ8lnyQQdbpSulVAbWjuixwhQaB/Q:qaHMv6CRrj3nyQQdpSulmWjxwhQaG
imphash aaaa8913c89c8aa4a5d93f06853894da
impfuzzy 192:utI6w42OYLF3Ock2OjWS2k8UtBSZ4wc3QOx:sI6wHOIFNkcfkfwc3QOx

Signatures (7 counts)

Level Description
notice Allocates read-write-execute memory (usually to unpack itself); consistent with the VirtualAlloc/VirtualAllocEx imports listed below, although the RWX page protection itself is only observable at runtime
notice Looks up the Locally Unique Identifier (LUID) of a suspicious privilege on the system (the ADVAPI32 imports below include LookupPrivilegeValueW and AdjustTokenPrivileges, the usual pair for this)
notice Checks for human activity by repeatedly polling whether the foreground window has changed (GetForegroundWindow is among the USER32 imports below)
notice Enumerates running processes, potentially to identify analysis or sandbox processes for evasion (the KERNEL32 imports below include CreateToolhelp32Snapshot/Process32FirstW/Process32NextW, and PSAPI.DLL provides EnumProcesses)
info Checks the amount of memory in the system (GlobalMemoryStatusEx is among the KERNEL32 imports below)
info Checks whether the process is being debugged (IsDebuggerPresent is among the KERNEL32 imports below)
info One or more processes crashed

Rules (7 counts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (download)
warning PowerShell_Script_MZ_Zero PowerShell Script MZ [Zero] binaries (download)
watch Antivirus Contains references to security software binaries (download)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0 counts)

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata IDS

PE API

IAT (Import Address Table), grouped by library

WSOCK32.dll
 0x482790 __WSAFDIsSet
 0x482794 setsockopt
 0x482798 ntohs
 0x48279c recvfrom
 0x4827a0 sendto
 0x4827a4 htons
 0x4827a8 select
 0x4827ac listen
 0x4827b0 WSAStartup
 0x4827b4 bind
 0x4827b8 closesocket
 0x4827bc connect
 0x4827c0 socket
 0x4827c4 send
 0x4827c8 WSACleanup
 0x4827cc ioctlsocket
 0x4827d0 accept
 0x4827d4 WSAGetLastError
 0x4827d8 inet_addr
 0x4827dc gethostbyname
 0x4827e0 gethostname
 0x4827e4 recv
VERSION.dll
 0x482734 VerQueryValueW
 0x482738 GetFileVersionInfoW
 0x48273c GetFileVersionInfoSizeW
WINMM.dll
 0x482780 timeGetTime
 0x482784 waveOutSetVolume
 0x482788 mciSendStringW
COMCTL32.dll
 0x48208c ImageList_Remove
 0x482090 ImageList_SetDragCursorImage
 0x482094 ImageList_BeginDrag
 0x482098 ImageList_DragEnter
 0x48209c ImageList_DragLeave
 0x4820a0 ImageList_EndDrag
 0x4820a4 ImageList_DragMove
 0x4820a8 ImageList_ReplaceIcon
 0x4820ac ImageList_Create
 0x4820b0 InitCommonControlsEx
 0x4820b4 ImageList_Destroy
MPR.dll
 0x4823f4 WNetCancelConnection2W
 0x4823f8 WNetGetConnectionW
 0x4823fc WNetAddConnection2W
 0x482400 WNetUseConnectionW
WININET.dll
 0x482744 InternetReadFile
 0x482748 InternetCloseHandle
 0x48274c InternetOpenW
 0x482750 InternetSetOptionW
 0x482754 InternetCrackUrlW
 0x482758 HttpQueryInfoW
 0x48275c InternetConnectW
 0x482760 HttpOpenRequestW
 0x482764 HttpSendRequestW
 0x482768 FtpOpenFileW
 0x48276c FtpGetFileSize
 0x482770 InternetOpenUrlW
 0x482774 InternetQueryOptionW
 0x482778 InternetQueryDataAvailable
PSAPI.DLL
 0x48244c EnumProcesses
 0x482450 GetModuleBaseNameW
 0x482454 GetProcessMemoryInfo
 0x482458 EnumProcessModules
USERENV.dll
 0x482720 CreateEnvironmentBlock
 0x482724 DestroyEnvironmentBlock
 0x482728 UnloadUserProfile
 0x48272c LoadUserProfileW
KERNEL32.dll
 0x482158 HeapAlloc
 0x48215c Sleep
 0x482160 GetCurrentThreadId
 0x482164 RaiseException
 0x482168 MulDiv
 0x48216c GetVersionExW
 0x482170 GetSystemInfo
 0x482174 MultiByteToWideChar
 0x482178 WideCharToMultiByte
 0x48217c GetModuleHandleW
 0x482180 QueryPerformanceCounter
 0x482184 VirtualFreeEx
 0x482188 OpenProcess
 0x48218c VirtualAllocEx
 0x482190 WriteProcessMemory
 0x482194 ReadProcessMemory
 0x482198 CreateFileW
 0x48219c SetFilePointerEx
 0x4821a0 ReadFile
 0x4821a4 WriteFile
 0x4821a8 FlushFileBuffers
 0x4821ac TerminateProcess
 0x4821b0 CreateToolhelp32Snapshot
 0x4821b4 Process32FirstW
 0x4821b8 Process32NextW
 0x4821bc SetFileTime
 0x4821c0 GetFileAttributesW
 0x4821c4 FindFirstFileW
 0x4821c8 FindClose
 0x4821cc DeleteFileW
 0x4821d0 FindNextFileW
 0x4821d4 lstrcmpiW
 0x4821d8 MoveFileW
 0x4821dc CopyFileW
 0x4821e0 CreateDirectoryW
 0x4821e4 RemoveDirectoryW
 0x4821e8 SetSystemPowerState
 0x4821ec QueryPerformanceFrequency
 0x4821f0 FindResourceW
 0x4821f4 LoadResource
 0x4821f8 LockResource
 0x4821fc SizeofResource
 0x482200 GetProcessHeap
 0x482204 OutputDebugStringW
 0x482208 GetLocalTime
 0x48220c CompareStringW
 0x482210 CompareStringA
 0x482214 InterlockedIncrement
 0x482218 InterlockedDecrement
 0x48221c DeleteCriticalSection
 0x482220 EnterCriticalSection
 0x482224 LeaveCriticalSection
 0x482228 InitializeCriticalSectionAndSpinCount
 0x48222c GetStdHandle
 0x482230 CreatePipe
 0x482234 InterlockedExchange
 0x482238 TerminateThread
 0x48223c GetTempPathW
 0x482240 GetTempFileNameW
 0x482244 VirtualFree
 0x482248 FormatMessageW
 0x48224c GetExitCodeProcess
 0x482250 SetErrorMode
 0x482254 GetPrivateProfileStringW
 0x482258 WritePrivateProfileStringW
 0x48225c GetPrivateProfileSectionW
 0x482260 WritePrivateProfileSectionW
 0x482264 GetPrivateProfileSectionNamesW
 0x482268 FileTimeToLocalFileTime
 0x48226c FileTimeToSystemTime
 0x482270 SystemTimeToFileTime
 0x482274 LocalFileTimeToFileTime
 0x482278 GetDriveTypeW
 0x48227c GetDiskFreeSpaceExW
 0x482280 GetDiskFreeSpaceW
 0x482284 GetVolumeInformationW
 0x482288 SetVolumeLabelW
 0x48228c CreateHardLinkW
 0x482290 DeviceIoControl
 0x482294 SetFileAttributesW
 0x482298 GetShortPathNameW
 0x48229c CreateEventW
 0x4822a0 SetEvent
 0x4822a4 GetEnvironmentVariableW
 0x4822a8 SetEnvironmentVariableW
 0x4822ac GlobalLock
 0x4822b0 GlobalUnlock
 0x4822b4 GlobalAlloc
 0x4822b8 GetFileSize
 0x4822bc GlobalFree
 0x4822c0 GlobalMemoryStatusEx
 0x4822c4 Beep
 0x4822c8 GetComputerNameW
 0x4822cc GetWindowsDirectoryW
 0x4822d0 GetSystemDirectoryW
 0x4822d4 GetCurrentProcessId
 0x4822d8 GetCurrentThread
 0x4822dc GetProcessIoCounters
 0x4822e0 CreateProcessW
 0x4822e4 SetPriorityClass
 0x4822e8 LoadLibraryW
 0x4822ec VirtualAlloc
 0x4822f0 LoadLibraryExW
 0x4822f4 HeapFree
 0x4822f8 WaitForSingleObject
 0x4822fc CreateThread
 0x482300 DuplicateHandle
 0x482304 GetLastError
 0x482308 CloseHandle
 0x48230c GetCurrentProcess
 0x482310 GetProcAddress
 0x482314 LoadLibraryA
 0x482318 FreeLibrary
 0x48231c GetModuleFileNameW
 0x482320 GetFullPathNameW
 0x482324 ExitProcess
 0x482328 ExitThread
 0x48232c GetSystemTimeAsFileTime
 0x482330 SetCurrentDirectoryW
 0x482334 IsDebuggerPresent
 0x482338 GetCurrentDirectoryW
 0x48233c ResumeThread
 0x482340 GetStartupInfoW
 0x482344 TlsGetValue
 0x482348 TlsAlloc
 0x48234c TlsSetValue
 0x482350 TlsFree
 0x482354 SetLastError
 0x482358 HeapSize
 0x48235c GetCPInfo
 0x482360 GetACP
 0x482364 GetOEMCP
 0x482368 IsValidCodePage
 0x48236c UnhandledExceptionFilter
 0x482370 SetUnhandledExceptionFilter
 0x482374 GetModuleFileNameA
 0x482378 HeapReAlloc
 0x48237c HeapCreate
 0x482380 SetHandleCount
 0x482384 GetFileType
 0x482388 GetStartupInfoA
 0x48238c SetStdHandle
 0x482390 GetConsoleCP
 0x482394 GetConsoleMode
 0x482398 LCMapStringW
 0x48239c LCMapStringA
 0x4823a0 RtlUnwind
 0x4823a4 SetFilePointer
 0x4823a8 GetTimeZoneInformation
 0x4823ac GetTimeFormatA
 0x4823b0 GetDateFormatA
 0x4823b4 FreeEnvironmentStringsW
 0x4823b8 GetEnvironmentStringsW
 0x4823bc GetCommandLineW
 0x4823c0 GetTickCount
 0x4823c4 GetStringTypeA
 0x4823c8 GetStringTypeW
 0x4823cc GetLocaleInfoA
 0x4823d0 GetModuleHandleA
 0x4823d4 WriteConsoleA
 0x4823d8 GetConsoleOutputCP
 0x4823dc WriteConsoleW
 0x4823e0 CreateFileA
 0x4823e4 SetEndOfFile
 0x4823e8 EnumResourceNamesW
 0x4823ec SetEnvironmentVariableA
USER32.dll
 0x48249c SetWindowPos
 0x4824a0 GetCursorInfo
 0x4824a4 RegisterHotKey
 0x4824a8 ClientToScreen
 0x4824ac GetKeyboardLayoutNameW
 0x4824b0 IsCharAlphaW
 0x4824b4 IsCharAlphaNumericW
 0x4824b8 IsCharLowerW
 0x4824bc IsCharUpperW
 0x4824c0 GetMenuStringW
 0x4824c4 GetSubMenu
 0x4824c8 GetCaretPos
 0x4824cc IsZoomed
 0x4824d0 MonitorFromPoint
 0x4824d4 GetMonitorInfoW
 0x4824d8 SetWindowLongW
 0x4824dc SetLayeredWindowAttributes
 0x4824e0 FlashWindow
 0x4824e4 GetClassLongW
 0x4824e8 TranslateAcceleratorW
 0x4824ec IsDialogMessageW
 0x4824f0 GetSysColor
 0x4824f4 InflateRect
 0x4824f8 DrawFocusRect
 0x4824fc DrawTextW
 0x482500 FrameRect
 0x482504 DrawFrameControl
 0x482508 FillRect
 0x48250c PtInRect
 0x482510 DestroyAcceleratorTable
 0x482514 CreateAcceleratorTableW
 0x482518 SetCursor
 0x48251c GetWindowDC
 0x482520 GetSystemMetrics
 0x482524 GetActiveWindow
 0x482528 CharNextW
 0x48252c wsprintfW
 0x482530 RedrawWindow
 0x482534 DrawMenuBar
 0x482538 DestroyMenu
 0x48253c SetMenu
 0x482540 GetWindowTextLengthW
 0x482544 CreateMenu
 0x482548 IsDlgButtonChecked
 0x48254c DefDlgProcW
 0x482550 ReleaseCapture
 0x482554 SetCapture
 0x482558 WindowFromPoint
 0x48255c CreateIconFromResourceEx
 0x482560 mouse_event
 0x482564 ExitWindowsEx
 0x482568 SetActiveWindow
 0x48256c FindWindowExW
 0x482570 EnumThreadWindows
 0x482574 SetMenuDefaultItem
 0x482578 InsertMenuItemW
 0x48257c IsMenu
 0x482580 TrackPopupMenuEx
 0x482584 GetCursorPos
 0x482588 DeleteMenu
 0x48258c CheckMenuRadioItem
 0x482590 CopyImage
 0x482594 GetMenuItemCount
 0x482598 SetMenuItemInfoW
 0x48259c GetMenuItemInfoW
 0x4825a0 SetForegroundWindow
 0x4825a4 IsIconic
 0x4825a8 FindWindowW
 0x4825ac SystemParametersInfoW
 0x4825b0 PeekMessageW
 0x4825b4 SendInput
 0x4825b8 GetAsyncKeyState
 0x4825bc SetKeyboardState
 0x4825c0 GetKeyboardState
 0x4825c4 GetKeyState
 0x4825c8 VkKeyScanW
 0x4825cc LoadStringW
 0x4825d0 DialogBoxParamW
 0x4825d4 MessageBeep
 0x4825d8 EndDialog
 0x4825dc SendDlgItemMessageW
 0x4825e0 GetDlgItem
 0x4825e4 SetWindowTextW
 0x4825e8 CopyRect
 0x4825ec ReleaseDC
 0x4825f0 GetDC
 0x4825f4 EndPaint
 0x4825f8 BeginPaint
 0x4825fc GetClientRect
 0x482600 GetMenu
 0x482604 DestroyWindow
 0x482608 EnumWindows
 0x48260c GetDesktopWindow
 0x482610 IsWindow
 0x482614 IsWindowEnabled
 0x482618 IsWindowVisible
 0x48261c EnableWindow
 0x482620 InvalidateRect
 0x482624 GetWindowThreadProcessId
 0x482628 AttachThreadInput
 0x48262c GetFocus
 0x482630 GetWindowTextW
 0x482634 ScreenToClient
 0x482638 SendMessageTimeoutW
 0x48263c EnumChildWindows
 0x482640 CharUpperBuffW
 0x482644 GetClassNameW
 0x482648 GetParent
 0x48264c GetDlgCtrlID
 0x482650 SendMessageW
 0x482654 MapVirtualKeyW
 0x482658 PostMessageW
 0x48265c GetWindowRect
 0x482660 SetUserObjectSecurity
 0x482664 GetUserObjectSecurity
 0x482668 CloseDesktop
 0x48266c CloseWindowStation
 0x482670 OpenDesktopW
 0x482674 SetProcessWindowStation
 0x482678 GetProcessWindowStation
 0x48267c OpenWindowStationW
 0x482680 MessageBoxW
 0x482684 DefWindowProcW
 0x482688 MoveWindow
 0x48268c AdjustWindowRectEx
 0x482690 SetRect
 0x482694 SetClipboardData
 0x482698 EmptyClipboard
 0x48269c CountClipboardFormats
 0x4826a0 CloseClipboard
 0x4826a4 GetClipboardData
 0x4826a8 IsClipboardFormatAvailable
 0x4826ac OpenClipboard
 0x4826b0 BlockInput
 0x4826b4 GetMessageW
 0x4826b8 LockWindowUpdate
 0x4826bc DispatchMessageW
 0x4826c0 GetMenuItemID
 0x4826c4 TranslateMessage
 0x4826c8 SetFocus
 0x4826cc PostQuitMessage
 0x4826d0 KillTimer
 0x4826d4 CreatePopupMenu
 0x4826d8 RegisterWindowMessageW
 0x4826dc SetTimer
 0x4826e0 ShowWindow
 0x4826e4 CreateWindowExW
 0x4826e8 RegisterClassExW
 0x4826ec LoadIconW
 0x4826f0 LoadCursorW
 0x4826f4 GetSysColorBrush
 0x4826f8 GetForegroundWindow
 0x4826fc MessageBoxA
 0x482700 DestroyIcon
 0x482704 UnregisterHotKey
 0x482708 CharLowerBuffW
 0x48270c MonitorFromRect
 0x482710 keybd_event
 0x482714 LoadImageW
 0x482718 GetWindowLongW
GDI32.dll
 0x4820c8 DeleteObject
 0x4820cc GetObjectW
 0x4820d0 GetTextExtentPoint32W
 0x4820d4 ExtCreatePen
 0x4820d8 StrokeAndFillPath
 0x4820dc StrokePath
 0x4820e0 EndPath
 0x4820e4 SetPixel
 0x4820e8 CloseFigure
 0x4820ec CreateCompatibleBitmap
 0x4820f0 CreateCompatibleDC
 0x4820f4 SelectObject
 0x4820f8 StretchBlt
 0x4820fc GetDIBits
 0x482100 LineTo
 0x482104 AngleArc
 0x482108 MoveToEx
 0x48210c Ellipse
 0x482110 PolyDraw
 0x482114 BeginPath
 0x482118 Rectangle
 0x48211c GetDeviceCaps
 0x482120 SetBkMode
 0x482124 RoundRect
 0x482128 SetBkColor
 0x48212c CreatePen
 0x482130 CreateSolidBrush
 0x482134 SetTextColor
 0x482138 CreateFontW
 0x48213c GetTextFaceW
 0x482140 GetStockObject
 0x482144 CreateDCW
 0x482148 GetPixel
 0x48214c DeleteDC
 0x482150 SetViewportOrgEx
COMDLG32.dll
 0x4820bc GetSaveFileNameW
 0x4820c0 GetOpenFileNameW
ADVAPI32.dll
 0x482000 RegEnumValueW
 0x482004 RegDeleteValueW
 0x482008 RegDeleteKeyW
 0x48200c RegSetValueExW
 0x482010 RegCreateKeyExW
 0x482014 GetUserNameW
 0x482018 RegConnectRegistryW
 0x48201c RegEnumKeyExW
 0x482020 CloseServiceHandle
 0x482024 UnlockServiceDatabase
 0x482028 LockServiceDatabase
 0x48202c OpenSCManagerW
 0x482030 InitiateSystemShutdownExW
 0x482034 AdjustTokenPrivileges
 0x482038 RegCloseKey
 0x48203c RegQueryValueExW
 0x482040 RegOpenKeyExW
 0x482044 OpenThreadToken
 0x482048 OpenProcessToken
 0x48204c LookupPrivilegeValueW
 0x482050 DuplicateTokenEx
 0x482054 CreateProcessAsUserW
 0x482058 CreateProcessWithLogonW
 0x48205c InitializeSecurityDescriptor
 0x482060 InitializeAcl
 0x482064 GetLengthSid
 0x482068 SetSecurityDescriptorDacl
 0x48206c CopySid
 0x482070 LogonUserW
 0x482074 GetTokenInformation
 0x482078 GetAclInformation
 0x48207c GetAce
 0x482080 AddAce
 0x482084 GetSecurityDescriptorDacl
SHELL32.dll
 0x482460 DragQueryPoint
 0x482464 ShellExecuteExW
 0x482468 SHGetFolderPathW
 0x48246c DragQueryFileW
 0x482470 SHEmptyRecycleBinW
 0x482474 SHBrowseForFolderW
 0x482478 SHFileOperationW
 0x48247c SHGetPathFromIDListW
 0x482480 SHGetDesktopFolder
 0x482484 SHGetMalloc
 0x482488 ExtractIconExW
 0x48248c Shell_NotifyIconW
 0x482490 ShellExecuteW
 0x482494 DragFinish
ole32.dll
 0x4827ec OleSetMenuDescriptor
 0x4827f0 MkParseDisplayName
 0x4827f4 OleSetContainedObject
 0x4827f8 CoInitialize
 0x4827fc CoUninitialize
 0x482800 CoCreateInstance
 0x482804 CreateStreamOnHGlobal
 0x482808 CoTaskMemAlloc
 0x48280c CoTaskMemFree
 0x482810 CLSIDFromString
 0x482814 StringFromCLSID
 0x482818 IIDFromString
 0x48281c StringFromIID
 0x482820 OleInitialize
 0x482824 CreateBindCtx
 0x482828 CLSIDFromProgID
 0x48282c CoInitializeSecurity
 0x482830 CoCreateInstanceEx
 0x482834 CoSetProxyBlanket
 0x482838 OleUninitialize
OLEAUT32.dll
 0x482408 SafeArrayAllocData
 0x48240c SafeArrayAllocDescriptorEx
 0x482410 SysAllocString
 0x482414 OleLoadPicture
 0x482418 SafeArrayGetVartype
 0x48241c SafeArrayDestroyData
 0x482420 SafeArrayAccessData
 0x482424 VarR8FromDec
 0x482428 VariantTimeToSystemTime
 0x48242c VariantClear
 0x482430 VariantCopy
 0x482434 VariantInit
 0x482438 SafeArrayDestroyDescriptor
 0x48243c LoadRegTypeLib
 0x482440 GetActiveObject
 0x482444 SafeArrayUnaccessData

EAT (Export Address Table): none



Similarity measure (PE file only) - Checking for service failure