SHA256: 1e67476281c1ec1cf40e17d7fc28a3ab3250b474ef41cb10a72130990f0be6a0
File name: powerkatz.dll
Detection ratio: 1 / 55
Analysis date: 2015-12-15 04:10:36 UTC
Antivirus | Result | Update
ESET-NOD32 | a variant of Win64/HackTool.Mimikatz.F (potentially unsafe) | 20151215
Ad-Aware | (no detection) | 20151215
AegisLab | (no detection) | 20151214
Yandex | (no detection) | 20151214
AhnLab-V3 | (no detection) | 20151214
Alibaba | (no detection) | 20151208
ALYac | (no detection) | 20151215
Antiy-AVL | (no detection) | 20151215
Arcabit | (no detection) | 20151215
Avast | (no detection) | 20151215
AVG | (no detection) | 20151214
Avira (no cloud) | (no detection) | 20151215
AVware | (no detection) | 20151215
Baidu-International | (no detection) | 20151214
BitDefender | (no detection) | 20151215
Bkav | (no detection) | 20151214
ByteHero | (no detection) | 20151215
CAT-QuickHeal | (no detection) | 20151215
ClamAV | (no detection) | 20151215
CMC | (no detection) | 20151214
Comodo | (no detection) | 20151215
Cyren | (no detection) | 20151215
DrWeb | (no detection) | 20151215
Emsisoft | (no detection) | 20151215
F-Prot | (no detection) | 20151215
F-Secure | (no detection) | 20151215
Fortinet | (no detection) | 20151215
GData | (no detection) | 20151215
Ikarus | (no detection) | 20151215
Jiangmin | (no detection) | 20151214
K7AntiVirus | (no detection) | 20151214
K7GW | (no detection) | 20151214
Kaspersky | (no detection) | 20151214
Malwarebytes | (no detection) | 20151214
McAfee | (no detection) | 20151215
McAfee-GW-Edition | (no detection) | 20151214
Microsoft | (no detection) | 20151215
eScan | (no detection) | 20151215
NANO-Antivirus | (no detection) | 20151215
nProtect | (no detection) | 20151214
Panda | (no detection) | 20151213
Qihoo-360 | (no detection) | 20151215
Rising | (no detection) | 20151215
Sophos AV | (no detection) | 20151215
SUPERAntiSpyware | (no detection) | 20151215
Symantec | (no detection) | 20151214
Tencent | (no detection) | 20151215
TheHacker | (no detection) | 20151215
TrendMicro | (no detection) | 20151215
TrendMicro-HouseCall | (no detection) | 20151215
VBA32 | (no detection) | 20151214
VIPRE | (no detection) | 20151215
ViRobot | (no detection) | 20151215
Zillya | (no detection) | 20151214
Zoner | (no detection) | 20151215
The file being studied is a Portable Executable (PE) file. More specifically, it is a Win32 DLL for the Windows command-line subsystem that targets 64-bit architectures.
PE header basic information
Target machine: x64
Compilation timestamp: 2015-12-15 03:16:46
Entry point: 0x0002601C
Number of sections: 6
PE sections
PE imports
CryptDestroyKey
LsaQueryTrustedDomainInfoByName
RegCloseKey
LookupAccountSidW
DuplicateTokenEx
QueryServiceObjectSecurity
CopySid
CryptSetHashParam
OpenServiceW
ControlService
CryptEncrypt
CreateProcessWithLogonW
ClearEventLogW
GetNumberOfEventLogRecords
DeleteService
OpenThreadToken
CryptHashData
RegQueryValueExW
CryptImportKey
CryptCreateHash
CloseServiceHandle
IsTextUnicode
CryptGetKeyParam
CreateWellKnownSid
OpenProcessToken
LsaClose
LsaEnumerateTrustedDomainsEx
RegOpenKeyExW
CreateProcessAsUserW
SetServiceObjectSecurity
SystemFunction036
CryptDuplicateKey
SystemFunction032
OpenEventLogW
LsaRetrievePrivateData
LsaOpenPolicy
CryptGenKey
ConvertSidToStringSidW
CreateServiceW
GetTokenInformation
LsaFreeMemory
CryptReleaseContext
CryptAcquireContextA
CryptGetUserKey
RegQueryInfoKeyW
RegEnumKeyExW
CryptGenRandom
CryptAcquireContextW
GetSidSubAuthority
BuildSecurityDescriptorW
GetSidSubAuthorityCount
SetThreadToken
GetLengthSid
ConvertStringSidToSidW
CryptDecrypt
CryptGetProvParam
CryptDestroyHash
CryptEnumProvidersW
LsaQueryInformationPolicy
RegEnumValueW
StartServiceW
RegSetValueExW
CryptSetKeyParam
FreeSid
CryptGetHashParam
CredEnumerateW
OpenSCManagerW
CryptExportKey
AllocateAndInitializeSid
CheckTokenMembership
QueryServiceStatusEx
SystemFunction025
SystemFunction005
SystemFunction006
SystemFunction007
CredFree
CertEnumCertificatesInStore
CryptUnprotectData
CryptAcquireCertificatePrivateKey
CertOpenStore
PFXExportCertStoreEx
CertAddEncodedCertificateToStore
CertAddCertificateContextToStore
CertFreeCertificateContext
CertCloseStore
CryptProtectData
CertGetCertificateContextProperty
CertGetNameStringW
CertSetCertificateContextProperty
CryptBinaryToStringW
CertEnumSystemStore
HidD_GetAttributes
HidP_GetCaps
HidD_FreePreparsedData
HidD_GetHidGuid
HidD_GetPreparsedData
GetStdHandle
FileTimeToSystemTime
WaitForSingleObject
SetConsoleCursorPosition
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
FreeEnvironmentStringsW
InitializeSListHead
SetStdHandle
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FindClose
TlsGetValue
SetLastError
DeviceIoControl
WriteProcessMemory
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
RaiseException
RtlVirtualUnwind
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
CreateThread
InterlockedFlushSList
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
TerminateProcess
GetModuleHandleExW
SetCurrentDirectoryW
VirtualQuery
VirtualQueryEx
SetEndOfFile
GetCurrentThreadId
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
TerminateThread
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
TlsAlloc
VirtualProtect
FlushFileBuffers
FillConsoleOutputCharacterW
CreateRemoteThread
OpenProcess
GetDateFormatW
GetStartupInfoW
ReadProcessMemory
GetProcAddress
GetConsoleScreenBufferInfo
VirtualProtectEx
GetProcessHeap
CreateFileMappingW
GetTimeFormatW
GetFileSizeEx
FindNextFileW
RtlLookupFunctionEntry
FindFirstFileW
DuplicateHandle
RtlUnwindEx
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
VirtualAllocEx
GetConsoleCP
GetEnvironmentStringsW
CreateProcessW
FileTimeToLocalFileTime
GetCurrentDirectoryW
VirtualFreeEx
GetCurrentProcessId
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
GetCurrentThread
ReadConsoleW
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
RtlCaptureContext
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
UnmapViewOfFile
VirtualFree
Sleep
VirtualAlloc
DsGetDcNameW
NetApiBufferFree
DsAddSidHistoryW
DsBindW
DsUnBindW
RpcBindingFree
NdrClientCall3
RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
I_RpcBindingInqSecurityContext
RpcBindingSetOption
RpcStringFreeW
SamOpenDomain
SamQueryInformationUser
SamLookupNamesInDomain
SamOpenUser
SamEnumerateDomainsInSamServer
SamEnumerateUsersInDomain
SamCloseHandle
SamGetAliasMembership
SamGetGroupsForUser
SamConnect
SamRidToSid
SamLookupDomainInSamServer
SamLookupIdsInDomain
SamFreeMemory
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
CommandLineToArgvW
PathIsRelativeW
PathCanonicalizeW
PathCombineW
LsaDeregisterLogonProcess
QueryContextAttributesW
LsaConnectUntrusted
LsaLookupAuthenticationPackage
LsaFreeReturnBuffer
FreeContextBuffer
LsaCallAuthenticationPackage
GetKeyboardLayout
IsCharAlphaNumericW
CDLocateCSystem
MD5Final
MD5Update
CDLocateCheckSum
CDGenerateRandomBits
MD5Init
RtlDowncaseUnicodeString
RtlInitUnicodeString
RtlAppendUnicodeStringToString
RtlStringFromGUID
NtTerminateProcess
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlGetNtVersionNumbers
NtQueryObject
RtlGUIDFromString
RtlUpcaseUnicodeString
NtQuerySystemInformation
RtlAnsiStringToUnicodeString
RtlEqualUnicodeString
RtlEqualString
RtlFreeUnicodeString
RtlCreateUserThread
NtResumeProcess
NtQueryInformationProcess
RtlAdjustPrivilege
NtSuspendProcess
RtlGetCurrentPeb
PE exports
Number of PE resources by type: RT_MANIFEST 1
Number of PE resources by language: ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows command line
MachineType: AMD AMD64
FileTypeExtension: dll
TimeStamp: 2015:12:15 04:16:46+01:00
FileType: Win64 DLL
PEType: PE32+
CodeSize: 268288
LinkerVersion: 14.0
EntryPoint: 0x2601c
InitializedDataSize: 246272
SubsystemVersion: 5.2
ImageVersion: 0.0
OSVersion: 5.2
UninitializedDataSize: 0
File identification
MD5: 351728443b314b727981bbda6347eae8
SHA1: cec2112ddf991b41c6da2251d229496c6d3a930b
SHA256: 1e67476281c1ec1cf40e17d7fc28a3ab3250b474ef41cb10a72130990f0be6a0
ssdeep: 6144:RWFDAzxlCSQis34XP434Wt7U0kqslpxR+o52hCqKvkzRQOwR+bKx5IRYZ:RWe1l7s3WQoWtg0kqEHCn2
authentihash: a8649190c73a9b2ff39bf7401543fadc9af1118b24a76d8d035fc6d9215343a4
imphash: 2ca518ef3d8e97be7b55daeeaeb75911
File size: 498.5 KB (510464 bytes)
File type: Win32 DLL
Magic literal: PE32+ executable for MS Windows (DLL) (console) Mono/.Net assembly
TrID:
Win64 Executable (generic) (87.3%)
Generic Win/DOS Executable (6.3%)
DOS Executable Generic (6.3%)
Tags: 64bits assembly pedll
VirusTotal metadata
First submission: 2015-12-15 04:10:36 UTC
Last submission: 2016-06-14 06:50:58 UTC
File names: powerkatz.dll, katzmimi64.bin