home

powder.exe

MD5:
123ac681c0dcbd140d82edde0f178165

SHA-1:
d391e8959b9484919c5f17387462ad52857cf2bf

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/26/2024 11:00:37 AM UTC  (today)

File size:
1.7 MB (1,762,304 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
5/9/2012 10:40:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.21

CTPH (ssdeep):
49152:OZ1Z6uwU1zTj56H7EP+GJO5NLD7OP54qrzd8hAUgC:OHZ6uwU6H7EP+G83LeYOC

Entry address:
0x130E

Entry point:
55, 89, E5, 83, EC, 18, C7, 04, 24, 02, 00, 00, 00, A1, F8, 17, 2C, 01, FF, D0, E8, 39, FF, FF, FF, 55, 89, E5, 83, EC, 18, 8B, 15, 74, 18, 2C, 01, 8B, 45, 08, 89, 04, 24, FF, D2, C9, C3, 55, 89, E5, 83, EC, 18, 8B, 15, 40, 18, 2C, 01, 8B, 45, 08, 89, 04, 24, FF, D2, C9, C3, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 55, 89, E5, 83, EC, 18, 8B, 0D, D4, F9, 56, 00, 85, C9, 74, 31, C7, 04, 24, 00, 00, 57, 00, E8, C8, 6F, 11, 00, 52, 85, C0, 74, 2F, C7, 44, 24, 04, 0E, 00, 57, 00, 89, 04, 24, E8, BB...
 
[+]

Entropy:
6.1071

Code size:
1.1 MB (1,144,832 bytes)

The file powder.exe has been seen being distributed by the following URL.

http://r.srvtrck.com/v1/redirect?yk_tag=1c_aa_81754662&url=http://minecraft2-0.weebly.com/uploads/1/2/2/2/12227893/powder.exe&source=http://csh.lt&api_key=abbc5236946676eae219a734c0a1c5e8&site_id=55bf3192e4b0faee62105dfd&type=url

Scan powder.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.