SHA256: c20f30326fcebad25446cf2e267c341ac34664efad5c50ff07f0738ae2390eae
File name: powerkatz.dll
Detection ratio: 2 / 54
Analysis date: 2015-12-15 04:15:13 UTC ( 3 years ago )
Antivirus | Result | Update
ESET-NOD32 | a variant of Win32/HackTool.Mimikatz.K potentially unsafe | 20151215
McAfee-GW-Edition | BehavesLike.Win32.Multiplug.fh | 20151214
Ad-Aware | (no detection) | 20151215
AegisLab | (no detection) | 20151214
Yandex | (no detection) | 20151214
AhnLab-V3 | (no detection) | 20151214
Alibaba | (no detection) | 20151208
ALYac | (no detection) | 20151215
Antiy-AVL | (no detection) | 20151215
Arcabit | (no detection) | 20151215
Avast | (no detection) | 20151215
AVG | (no detection) | 20151214
Avira (no cloud) | (no detection) | 20151215
AVware | (no detection) | 20151215
Baidu-International | (no detection) | 20151214
BitDefender | (no detection) | 20151215
Bkav | (no detection) | 20151214
ByteHero | (no detection) | 20151215
CAT-QuickHeal | (no detection) | 20151215
ClamAV | (no detection) | 20151215
CMC | (no detection) | 20151214
Comodo | (no detection) | 20151215
Cyren | (no detection) | 20151215
DrWeb | (no detection) | 20151215
Emsisoft | (no detection) | 20151215
F-Prot | (no detection) | 20151215
F-Secure | (no detection) | 20151215
Fortinet | (no detection) | 20151215
GData | (no detection) | 20151215
Ikarus | (no detection) | 20151215
Jiangmin | (no detection) | 20151214
K7AntiVirus | (no detection) | 20151214
K7GW | (no detection) | 20151214
Kaspersky | (no detection) | 20151214
Malwarebytes | (no detection) | 20151214
McAfee | (no detection) | 20151215
Microsoft | (no detection) | 20151215
eScan | (no detection) | 20151215
NANO-Antivirus | (no detection) | 20151215
nProtect | (no detection) | 20151214
Panda | (no detection) | 20151213
Qihoo-360 | (no detection) | 20151215
Rising | (no detection) | 20151215
Sophos AV | (no detection) | 20151215
SUPERAntiSpyware | (no detection) | 20151215
Symantec | (no detection) | 20151214
TheHacker | (no detection) | 20151215
TrendMicro | (no detection) | 20151215
TrendMicro-HouseCall | (no detection) | 20151215
VBA32 | (no detection) | 20151214
VIPRE | (no detection) | 20151215
ViRobot | (no detection) | 20151215
Zillya | (no detection) | 20151214
Zoner | (no detection) | 20151215
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-12-15 02:03:17
Entry Point 0x0001E0C9
Number of sections 5
PE sections
PE imports
CryptDestroyKey
LsaQueryTrustedDomainInfoByName
RegCloseKey
LookupAccountSidW
DuplicateTokenEx
QueryServiceObjectSecurity
CopySid
CryptSetHashParam
OpenServiceW
ControlService
CryptEncrypt
CreateProcessWithLogonW
ClearEventLogW
GetNumberOfEventLogRecords
DeleteService
OpenThreadToken
CryptHashData
RegQueryValueExW
CryptImportKey
CryptCreateHash
CloseServiceHandle
IsTextUnicode
CryptGetKeyParam
CreateWellKnownSid
OpenProcessToken
LsaClose
LsaEnumerateTrustedDomainsEx
RegOpenKeyExW
CreateProcessAsUserW
SetServiceObjectSecurity
SystemFunction036
CryptDuplicateKey
SystemFunction032
OpenEventLogW
LsaRetrievePrivateData
LsaOpenPolicy
CryptGenKey
ConvertSidToStringSidW
CreateServiceW
GetTokenInformation
LsaFreeMemory
CryptReleaseContext
CryptAcquireContextA
CryptGetUserKey
RegQueryInfoKeyW
RegEnumKeyExW
CryptGenRandom
CryptAcquireContextW
GetSidSubAuthority
BuildSecurityDescriptorW
GetSidSubAuthorityCount
SetThreadToken
GetLengthSid
ConvertStringSidToSidW
CryptDecrypt
CryptGetProvParam
CryptDestroyHash
CryptEnumProvidersW
LsaQueryInformationPolicy
RegEnumValueW
StartServiceW
RegSetValueExW
CryptSetKeyParam
FreeSid
CryptGetHashParam
CredEnumerateW
OpenSCManagerW
CryptExportKey
AllocateAndInitializeSid
CheckTokenMembership
QueryServiceStatusEx
SystemFunction025
SystemFunction005
SystemFunction006
SystemFunction007
CredFree
CertEnumCertificatesInStore
CryptUnprotectData
CryptAcquireCertificatePrivateKey
CertOpenStore
PFXExportCertStoreEx
CertAddEncodedCertificateToStore
CertAddCertificateContextToStore
CertFreeCertificateContext
CertCloseStore
CryptProtectData
CertGetCertificateContextProperty
CertGetNameStringW
CertSetCertificateContextProperty
CryptBinaryToStringW
CertEnumSystemStore
HidD_GetAttributes
HidD_GetPreparsedData
HidP_GetCaps
HidD_FreePreparsedData
HidD_GetHidGuid
GetStdHandle
FileTimeToSystemTime
WaitForSingleObject
SetEndOfFile
SetConsoleCursorPosition
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
FreeEnvironmentStringsW
InitializeSListHead
SetStdHandle
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
IsWow64Process
FindClose
TlsGetValue
SetLastError
DeviceIoControl
WriteProcessMemory
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
CreateThread
InterlockedFlushSList
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
SetCurrentDirectoryW
VirtualQuery
VirtualQueryEx
ReadConsoleW
GetCurrentThreadId
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
TerminateThread
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
TlsAlloc
VirtualProtect
FlushFileBuffers
FillConsoleOutputCharacterW
RtlUnwind
CreateRemoteThread
OpenProcess
GetDateFormatW
GetStartupInfoW
ReadProcessMemory
GetProcAddress
GetConsoleScreenBufferInfo
VirtualProtectEx
GetProcessHeap
CreateFileMappingW
GetTimeFormatW
GetFileSizeEx
FindNextFileW
FindFirstFileW
DuplicateHandle
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
VirtualAllocEx
GetConsoleCP
GetEnvironmentStringsW
CreateProcessW
FileTimeToLocalFileTime
GetCurrentDirectoryW
VirtualFreeEx
GetCurrentProcessId
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
UnmapViewOfFile
VirtualFree
Sleep
VirtualAlloc
DsGetDcNameW
NetApiBufferFree
RpcBindingFree
NdrClientCall2
RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
I_RpcBindingInqSecurityContext
RpcBindingSetOption
RpcStringFreeW
SamOpenDomain
SamQueryInformationUser
SamLookupNamesInDomain
SamOpenUser
SamEnumerateDomainsInSamServer
SamEnumerateUsersInDomain
SamCloseHandle
SamLookupDomainInSamServer
SamGetGroupsForUser
SamConnect
SamRidToSid
SamGetAliasMembership
SamLookupIdsInDomain
SamFreeMemory
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
CommandLineToArgvW
PathIsRelativeW
PathCanonicalizeW
PathCombineW
LsaConnectUntrusted
QueryContextAttributesW
LsaDeregisterLogonProcess
LsaLookupAuthenticationPackage
LsaFreeReturnBuffer
FreeContextBuffer
LsaCallAuthenticationPackage
GetKeyboardLayout
IsCharAlphaNumericW
CDLocateCSystem
MD5Final
MD5Update
CDLocateCheckSum
MD5Init
CDGenerateRandomBits
RtlDowncaseUnicodeString
RtlInitUnicodeString
RtlAppendUnicodeStringToString
RtlStringFromGUID
NtTerminateProcess
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlGetNtVersionNumbers
NtQueryObject
RtlGUIDFromString
RtlUpcaseUnicodeString
NtQuerySystemInformation
RtlAnsiStringToUnicodeString
RtlEqualUnicodeString
RtlEqualString
RtlFreeUnicodeString
RtlCreateUserThread
NtResumeProcess
RtlGetCurrentPeb
RtlAdjustPrivilege
NtSuspendProcess
NtQueryInformationProcess
PE exports
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2015:12:15 03:03:17+01:00
FileType Win32 DLL
PEType PE32
CodeSize 233984
LinkerVersion 14.0
EntryPoint 0x1e0c9
InitializedDataSize 176640
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 e4d4ab73efff6efb47415b8ad7448675
SHA1 c82b04ebbe169f20b6d55acee88056102f60b31b
SHA256 c20f30326fcebad25446cf2e267c341ac34664efad5c50ff07f0738ae2390eae
ssdeep 6144:DnXNXvnYOmqeHBnMpxKS12siUhaQOoRyEPNMNI60A8ATIPw1S5P:zdvYOmtaxKS1JBha0RhP
authentihash 120cd16b7c6145fa8cd893c8e85ffa4f70ef0a3a58a86d14bfe1700671a83e21
imphash ced7c2285c65b91b858691f324df5d92
File size 399.0 KB ( 408576 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags pedll
VirusTotal metadata
First submission 2015-12-15 04:15:13 UTC ( 3 years ago )
Last submission 2016-02-24 14:41:17 UTC ( 2 years, 9 months ago )
File names powerkatz.dll
katzmimi32.bin