powertool32.exe

PowerTool x86

Time Doctor LLC

The executable powertool32.exe, “Anti-virus/rootkit/bootkit Tool”, has been detected as malware by 5 anti-virus scanners.
Publisher:
http://about.me/ithurricanept (signed by Time Doctor LLC)

Product:
PowerTool x86

Description:
Anti-virus/rootkit/bootkit Tool

Version:
4.8.0.0

MD5:
72f3bce4d4c5be206e5caaed3276184d

SHA-1:
5046dcd007a7a15c3c9d5a5df11766cd0bc3e270

SHA-256:
6813eafd15c3cdf5068e7c1f2da61db962937ce1effab38a3bcf50ab67f39f78

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
1/13/2025 7:03:10 PM UTC

Scan engine           Detection                          Engine version
Dr.Web                BackDoor.Anunak.102                9.0.1.062
Fortinet FortiGate    W32/Carbanak.A!tr                  3/3/2017
IKARUS anti.virus     Trojan.Inject                      0.2.1.2
NANO AntiVirus        Trojan.Win32.Anunak.elmkch         1.0.70.15190
Zillya! Antivirus     Backdoor.AndromCRTD.Win32.201      2.0.0.3217

File size:
5.6 MB (5,838,280 bytes)

Product version:
4.8.0.0

Copyright:
Copyright @ 2010-2016. All rights reserved.

Original file name:
PowerTool.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\powertool_20160308_en\powertool32.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
4/17/2014 3:00:00 AM

Valid to:
4/17/2016 2:59:59 AM

Subject:
CN=Time Doctor LLC, O=Time Doctor LLC, STREET=800 E. Charleston Blvd, L=Las Vegas, S=NV, PostalCode=89104, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
560E898EA6CE12B2625740328076DCFB

File PE Metadata
Compilation timestamp:
12/22/2015 9:52:04 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x28202E

Entry point:
E8, 08, BA, 00, 00, E9, 7F, FE, FF, FF, 3B, 0D, 60, A4, 6D, 00, 75, 02, F3, C3, E9, 32, 18, 00, 00, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, 40, 34, 82, 00, FF, 15, 78, 64, 95, 00, 85, C0, 75, 18, 56, E8, DD, 57, 00, 00, 8B, F0, FF, 15, 94, 65, 95, 00, 50, E8, E2, 57, 00, 00, 59, 89, 06, 5E, 5D, C3, 51, C7, 01, 44, C8, 42, 00, E8, C1, BF, 00, 00, 59, C3, 55, 8B, EC, 8D, 41, 09, 50, 8B, 45, 08, 83, C0, 09, 50, E8, 20, BF, 00, 00, F7, D8, 59, 1B, C0, 59, 40, 5D, C2, 04, 00, 55, 8B, EC...

Code size:
2.8 MB (2,978,304 bytes)

Remove powertool32.exe - Powered by Reason Core Security