Manalyze report for 4c82fbafef9bab484a2fbe23e4ec8aac06e8e296d6c9e496f4a589f97fd4ab71

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2010-Apr-16 07:47:33
Detected languages	English - United Kingdom
FileVersion	`1.6.0.0`
Comments	PowerRun v1.6
FileDescription	PowerRun
LegalCopyright	Copyright © 2016-2022 www.sordum.org All Rights Reserved.
Coder	By BlueLife
CompanyName	www.sordum.org
ProductVersion	`1.6.0.0`
OriginalFilename	PowerRun.exe

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `MASM/TASM - sig2(h)`
Info	Interesting strings found in the binary:	`Contains domain names: sordum.org www.sordum.org`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses known Mersenne Twister constants`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryW LoadLibraryExW GetProcAddress LoadLibraryA` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot FindWindowW` `Code injection capabilities: OpenProcess VirtualAllocEx WriteProcessMemory VirtualAlloc` `Code injection capabilities (PowerLoader): FindWindowW GetWindowLongW` `Can access the registry: RegisterHotKey RegEnumValueW RegDeleteValueW RegDeleteKeyW RegSetValueExW RegCreateKeyExW RegEnumKeyExW RegCloseKey RegQueryValueExW RegOpenKeyExW` `Possibly launches other programs: CreateProcessW CreateProcessAsUserW CreateProcessWithLogonW ShellExecuteW` `Can create temporary files: CreateFileW GetTempPathW CreateFileA` `Uses functions commonly found in keyloggers: GetAsyncKeyState AttachThreadInput MapVirtualKeyW GetForegroundWindow` `Has Internet access capabilities: InternetReadFile InternetCloseHandle InternetOpenW InternetSetOptionW InternetCrackUrlW InternetConnectW InternetOpenUrlW InternetQueryOptionW InternetQueryDataAvailable` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken DuplicateTokenEx` `Interacts with services: OpenSCManagerW` `Enumerates local disk drives: GetDriveTypeW GetVolumeInformationW` `Manipulates other processes: EnumProcesses EnumProcessModules OpenProcess WriteProcessMemory ReadProcessMemory Process32FirstW Process32NextW` `Can take screenshots: FindWindowW GetDC CreateCompatibleDC` `Reads the contents of the clipboard: GetClipboardData` `Can shut the system down or lock the screen: ExitWindowsEx InitiateSystemShutdownExW`
Info	The PE is digitally signed.	`Signer: Sordum Software` `Issuer: Sordum Software`
Suspicious	VirusTotal score: 1/51 (Scanned on 2022-11-11 15:55:46)	`CrowdStrike: win/grayware_confidence_60% (D)`

Hashes

MD5	`408dd6ade80f2ebbc2e5470a1fb506f1`
SHA1	`e00293ce0eb534874efd615ae590cf6aa3858ba4`
SHA256	`4c82fbafef9bab484a2fbe23e4ec8aac06e8e296d6c9e496f4a589f97fd4ab71`
SHA3	`f9ceaa469f40019d39c1e9e4caec69c9337228385eeef0771e83bfae5f8a259c`
SSDeep	`12288:faWzgMg7v3qnCiLErQohh0F4cCJ8lnyuQ4BgWlRPT03:CaHMv6CTrjcnyuQ4hRPo`
Imports Hash	`aaaa8913c89c8aa4a5d93f06853894da`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2010-Apr-16 07:47:33
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`9.0`
SizeOfCode	`0x80200`
SizeOfInitializedData	`0x1f200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00016310 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x82000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0xb6000`
SizeOfHeaders	`0x400`
Checksum	`0xc7144`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x400000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x400000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`db8f9ab6554f787cbacd2a35c0ee8308`
SHA1	`9713d4e194d4019111d9270fa254359ea9c4e191`
SHA256	`7e93460cf57bdaed59c4432639f5f01985c22ddf1fa70fa25364d9e4638339a1`
SHA3	`10bd9bd8c4f815330b1f037bf9147d3f054d41bde9f213a98ece516ce1423cfb`
VirtualSize	`0x80017`
VirtualAddress	`0x1000`
SizeOfRawData	`0x80200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.63491`

.rdata

MD5	`e562e11ae44fdc755313f6f395d2c301`
SHA1	`7ed74231a362eacda4df8ba464741a9fff8e270d`
SHA256	`c99f1fe9de42da7928a005ce414a1c503892aa5e45018f4b0c6207642c615a22`
SHA3	`245a7c1f5bbcf090a7615ccd332aae469dd62ba454baf3aaba9569acd9efca7b`
VirtualSize	`0xd95c`
VirtualAddress	`0x82000`
SizeOfRawData	`0xda00`
PointerToRawData	`0x80600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.86709`

.data

MD5	`56c20b4751186ef3076862d8ac0538d2`
SHA1	`64ff45582a9731e139e3bf379726a83d023b60fa`
SHA256	`5ea535aae05468ea06984bd5da066e399e56d97d41663a84ced88cb8c6e00dfc`
SHA3	`44cf115509a036785e3ddb3a005e67f64bb79b3ab8153d1817130d267bbceaa6`
VirtualSize	`0x1a518`
VirtualAddress	`0x90000`
SizeOfRawData	`0x6800`
PointerToRawData	`0x8e000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.20192`

.rsrc

MD5	`feaa066bdf1c49068ccfe7cf0aa8b4aa`
SHA1	`24480678e13c30193476a40295d7bc15e96fcf85`
SHA256	`eddec501134311282aec126025b55d0df75790495129e4412f997b286c7c91e5`
SHA3	`0c6488976c697af7c14d3d4db543bca1358ae26a78f668431be0c2b2f2255f5c`
VirtualSize	`0xae58`
VirtualAddress	`0xab000`
SizeOfRawData	`0xb000`
PointerToRawData	`0x94800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.03519`

Imports

WSOCK32.dll	`__WSAFDIsSet` `setsockopt` `ntohs` `recvfrom` `sendto` `htons` `select` `listen` `WSAStartup` `bind` `closesocket` `connect` `socket` `send` `WSACleanup` `ioctlsocket` `accept` `WSAGetLastError` `inet_addr` `gethostbyname` `gethostname` `recv`
VERSION.dll	`VerQueryValueW` `GetFileVersionInfoW` `GetFileVersionInfoSizeW`
WINMM.dll	`timeGetTime` `waveOutSetVolume` `mciSendStringW`
COMCTL32.dll	`ImageList_Remove` `ImageList_SetDragCursorImage` `ImageList_BeginDrag` `ImageList_DragEnter` `ImageList_DragLeave` `ImageList_EndDrag` `ImageList_DragMove` `ImageList_ReplaceIcon` `ImageList_Create` `InitCommonControlsEx` `ImageList_Destroy`
MPR.dll	`WNetCancelConnection2W` `WNetGetConnectionW` `WNetAddConnection2W` `WNetUseConnectionW`
WININET.dll	`InternetReadFile` `InternetCloseHandle` `InternetOpenW` `InternetSetOptionW` `InternetCrackUrlW` `HttpQueryInfoW` `InternetConnectW` `HttpOpenRequestW` `HttpSendRequestW` `FtpOpenFileW` `FtpGetFileSize` `InternetOpenUrlW` `InternetQueryOptionW` `InternetQueryDataAvailable`
PSAPI.DLL	`EnumProcesses` `GetModuleBaseNameW` `GetProcessMemoryInfo` `EnumProcessModules`
USERENV.dll	`CreateEnvironmentBlock` `DestroyEnvironmentBlock` `UnloadUserProfile` `LoadUserProfileW`
KERNEL32.dll	`HeapAlloc` `Sleep` `GetCurrentThreadId` `RaiseException` `MulDiv` `GetVersionExW` `GetSystemInfo` `MultiByteToWideChar` `WideCharToMultiByte` `GetModuleHandleW` `QueryPerformanceCounter` `VirtualFreeEx` `OpenProcess` `VirtualAllocEx` `WriteProcessMemory` `ReadProcessMemory` `CreateFileW` `SetFilePointerEx` `ReadFile` `WriteFile` `FlushFileBuffers` `TerminateProcess` `CreateToolhelp32Snapshot` `Process32FirstW` `Process32NextW` `SetFileTime` `GetFileAttributesW` `FindFirstFileW` `FindClose` `DeleteFileW` `FindNextFileW` `lstrcmpiW` `MoveFileW` `CopyFileW` `CreateDirectoryW` `RemoveDirectoryW` `SetSystemPowerState` `QueryPerformanceFrequency` `FindResourceW` `LoadResource` `LockResource` `SizeofResource` `GetProcessHeap` `OutputDebugStringW` `GetLocalTime` `CompareStringW` `CompareStringA` `InterlockedIncrement` `InterlockedDecrement` `DeleteCriticalSection` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSectionAndSpinCount` `GetStdHandle` `CreatePipe` `InterlockedExchange` `TerminateThread` `GetTempPathW` `GetTempFileNameW` `VirtualFree` `FormatMessageW` `GetExitCodeProcess` `SetErrorMode` `GetPrivateProfileStringW` `WritePrivateProfileStringW` `GetPrivateProfileSectionW` `WritePrivateProfileSectionW` `GetPrivateProfileSectionNamesW` `FileTimeToLocalFileTime` `FileTimeToSystemTime` `SystemTimeToFileTime` `LocalFileTimeToFileTime` `GetDriveTypeW` `GetDiskFreeSpaceExW` `GetDiskFreeSpaceW` `GetVolumeInformationW` `SetVolumeLabelW` `CreateHardLinkW` `DeviceIoControl` `SetFileAttributesW` `GetShortPathNameW` `CreateEventW` `SetEvent` `GetEnvironmentVariableW` `SetEnvironmentVariableW` `GlobalLock` `GlobalUnlock` `GlobalAlloc` `GetFileSize` `GlobalFree` `GlobalMemoryStatusEx` `Beep` `GetComputerNameW` `GetWindowsDirectoryW` `GetSystemDirectoryW` `GetCurrentProcessId` `GetCurrentThread` `GetProcessIoCounters` `CreateProcessW` `SetPriorityClass` `LoadLibraryW` `VirtualAlloc` `LoadLibraryExW` `HeapFree` `WaitForSingleObject` `CreateThread` `DuplicateHandle` `GetLastError` `CloseHandle` `GetCurrentProcess` `GetProcAddress` `LoadLibraryA` `FreeLibrary` `GetModuleFileNameW` `GetFullPathNameW` `ExitProcess` `ExitThread` `GetSystemTimeAsFileTime` `SetCurrentDirectoryW` `IsDebuggerPresent` `GetCurrentDirectoryW` `ResumeThread` `GetStartupInfoW` `TlsGetValue` `TlsAlloc` `TlsSetValue` `TlsFree` `SetLastError` `HeapSize` `GetCPInfo` `GetACP` `GetOEMCP` `IsValidCodePage` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetModuleFileNameA` `HeapReAlloc` `HeapCreate` `SetHandleCount` `GetFileType` `GetStartupInfoA` `SetStdHandle` `GetConsoleCP` `GetConsoleMode` `LCMapStringW` `LCMapStringA` `RtlUnwind` `SetFilePointer` `GetTimeZoneInformation` `GetTimeFormatA` `GetDateFormatA` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCommandLineW` `GetTickCount` `GetStringTypeA` `GetStringTypeW` `GetLocaleInfoA` `GetModuleHandleA` `WriteConsoleA` `GetConsoleOutputCP` `WriteConsoleW` `CreateFileA` `SetEndOfFile` `EnumResourceNamesW` `SetEnvironmentVariableA`
USER32.dll	`SetWindowPos` `GetCursorInfo` `RegisterHotKey` `ClientToScreen` `GetKeyboardLayoutNameW` `IsCharAlphaW` `IsCharAlphaNumericW` `IsCharLowerW` `IsCharUpperW` `GetMenuStringW` `GetSubMenu` `GetCaretPos` `IsZoomed` `MonitorFromPoint` `GetMonitorInfoW` `SetWindowLongW` `SetLayeredWindowAttributes` `FlashWindow` `GetClassLongW` `TranslateAcceleratorW` `IsDialogMessageW` `GetSysColor` `InflateRect` `DrawFocusRect` `DrawTextW` `FrameRect` `DrawFrameControl` `FillRect` `PtInRect` `DestroyAcceleratorTable` `CreateAcceleratorTableW` `SetCursor` `GetWindowDC` `GetSystemMetrics` `GetActiveWindow` `CharNextW` `wsprintfW` `RedrawWindow` `DrawMenuBar` `DestroyMenu` `SetMenu` `GetWindowTextLengthW` `CreateMenu` `IsDlgButtonChecked` `DefDlgProcW` `ReleaseCapture` `SetCapture` `WindowFromPoint` `CreateIconFromResourceEx` `mouse_event` `ExitWindowsEx` `SetActiveWindow` `FindWindowExW` `EnumThreadWindows` `SetMenuDefaultItem` `InsertMenuItemW` `IsMenu` `TrackPopupMenuEx` `GetCursorPos` `DeleteMenu` `CheckMenuRadioItem` `CopyImage` `GetMenuItemCount` `SetMenuItemInfoW` `GetMenuItemInfoW` `SetForegroundWindow` `IsIconic` `FindWindowW` `SystemParametersInfoW` `PeekMessageW` `SendInput` `GetAsyncKeyState` `SetKeyboardState` `GetKeyboardState` `GetKeyState` `VkKeyScanW` `LoadStringW` `DialogBoxParamW` `MessageBeep` `EndDialog` `SendDlgItemMessageW` `GetDlgItem` `SetWindowTextW` `CopyRect` `ReleaseDC` `GetDC` `EndPaint` `BeginPaint` `GetClientRect` `GetMenu` `DestroyWindow` `EnumWindows` `GetDesktopWindow` `IsWindow` `IsWindowEnabled` `IsWindowVisible` `EnableWindow` `InvalidateRect` `GetWindowThreadProcessId` `AttachThreadInput` `GetFocus` `GetWindowTextW` `ScreenToClient` `SendMessageTimeoutW` `EnumChildWindows` `CharUpperBuffW` `GetClassNameW` `GetParent` `GetDlgCtrlID` `SendMessageW` `MapVirtualKeyW` `PostMessageW` `GetWindowRect` `SetUserObjectSecurity` `GetUserObjectSecurity` `CloseDesktop` `CloseWindowStation` `OpenDesktopW` `SetProcessWindowStation` `GetProcessWindowStation` `OpenWindowStationW` `MessageBoxW` `DefWindowProcW` `MoveWindow` `AdjustWindowRectEx` `SetRect` `SetClipboardData` `EmptyClipboard` `CountClipboardFormats` `CloseClipboard` `GetClipboardData` `IsClipboardFormatAvailable` `OpenClipboard` `BlockInput` `GetMessageW` `LockWindowUpdate` `DispatchMessageW` `GetMenuItemID` `TranslateMessage` `SetFocus` `PostQuitMessage` `KillTimer` `CreatePopupMenu` `RegisterWindowMessageW` `SetTimer` `ShowWindow` `CreateWindowExW` `RegisterClassExW` `LoadIconW` `LoadCursorW` `GetSysColorBrush` `GetForegroundWindow` `MessageBoxA` `DestroyIcon` `UnregisterHotKey` `CharLowerBuffW` `MonitorFromRect` `keybd_event` `LoadImageW` `GetWindowLongW`
GDI32.dll	`DeleteObject` `GetObjectW` `GetTextExtentPoint32W` `ExtCreatePen` `StrokeAndFillPath` `StrokePath` `EndPath` `SetPixel` `CloseFigure` `CreateCompatibleBitmap` `CreateCompatibleDC` `SelectObject` `StretchBlt` `GetDIBits` `LineTo` `AngleArc` `MoveToEx` `Ellipse` `PolyDraw` `BeginPath` `Rectangle` `GetDeviceCaps` `SetBkMode` `RoundRect` `SetBkColor` `CreatePen` `CreateSolidBrush` `SetTextColor` `CreateFontW` `GetTextFaceW` `GetStockObject` `CreateDCW` `GetPixel` `DeleteDC` `SetViewportOrgEx`
COMDLG32.dll	`GetSaveFileNameW` `GetOpenFileNameW`
ADVAPI32.dll	`RegEnumValueW` `RegDeleteValueW` `RegDeleteKeyW` `RegSetValueExW` `RegCreateKeyExW` `GetUserNameW` `RegConnectRegistryW` `RegEnumKeyExW` `CloseServiceHandle` `UnlockServiceDatabase` `LockServiceDatabase` `OpenSCManagerW` `InitiateSystemShutdownExW` `AdjustTokenPrivileges` `RegCloseKey` `RegQueryValueExW` `RegOpenKeyExW` `OpenThreadToken` `OpenProcessToken` `LookupPrivilegeValueW` `DuplicateTokenEx` `CreateProcessAsUserW` `CreateProcessWithLogonW` `InitializeSecurityDescriptor` `InitializeAcl` `GetLengthSid` `SetSecurityDescriptorDacl` `CopySid` `LogonUserW` `GetTokenInformation` `GetAclInformation` `GetAce` `AddAce` `GetSecurityDescriptorDacl`
SHELL32.dll	`DragQueryPoint` `ShellExecuteExW` `SHGetFolderPathW` `DragQueryFileW` `SHEmptyRecycleBinW` `SHBrowseForFolderW` `SHFileOperationW` `SHGetPathFromIDListW` `SHGetDesktopFolder` `SHGetMalloc` `ExtractIconExW` `Shell_NotifyIconW` `ShellExecuteW` `DragFinish`
ole32.dll	`OleSetMenuDescriptor` `MkParseDisplayName` `OleSetContainedObject` `CoInitialize` `CoUninitialize` `CoCreateInstance` `CreateStreamOnHGlobal` `CoTaskMemAlloc` `CoTaskMemFree` `CLSIDFromString` `StringFromCLSID` `IIDFromString` `StringFromIID` `OleInitialize` `CreateBindCtx` `CLSIDFromProgID` `CoInitializeSecurity` `CoCreateInstanceEx` `CoSetProxyBlanket` `OleUninitialize`
OLEAUT32.dll	`SafeArrayAllocData` `SafeArrayAllocDescriptorEx` `SysAllocString` `OleLoadPicture` `SafeArrayGetVartype` `SafeArrayDestroyData` `SafeArrayAccessData` `VarR8FromDec` `VariantTimeToSystemTime` `VariantClear` `VariantCopy` `VariantInit` `SafeArrayDestroyDescriptor` `LoadRegTypeLib` `GetActiveObject` `SafeArrayUnaccessData`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.05883`
MD5	`78f30e363a0499f530d057b4d639d36e`
SHA1	`360bd6476101b0cddc23d2c7eade326c1b16ceaf`
SHA256	`08bcba5aa989c988ea18f8101c84daaee58d4f0b584535a85186c8b98b66147e`
SHA3	`001ac9f6e8e52f9c3eb7101189fb953e2f4babfdea5b6e26b23b99173af38de4`

2

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.66371`
MD5	`d6f27bf763eb666af934477958acf362`
SHA1	`f724ee386cda31b32b5c88e08b9abf562c016a57`
SHA256	`62ba0b2575098d4428c9a99bd060ef7572071698bf9d03b4bd430f5f691378e5`
SHA3	`6f4a250c7a91ddfcc872e14b8ed1e4aa33a5ebb3280f7d021b47aa46edfb9586`

3

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.82922`
MD5	`2a72016cca5b373943e709a0ef02b9f4`
SHA1	`7542c664fc745ce3cf4bbde8c090d5d77ef25dfa`
SHA256	`3294d1c30c9408f19370c2e66d2113f629bd88907b74c40dedc80f48a0376ce5`
SHA3	`d6f0129cc94de753e73eca816247f3deac901c87d52c4ba5b435da868dd9372f`

4

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x4335`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.89498`
Detected Filetype	PNG graphic file
MD5	`e8427a612b615594cf794738c175b694`
SHA1	`542e02743f388b47a7f7eb1dee652a6b9367fbc5`
SHA256	`dc5f548dfd20911d719d07fa5f692c56b920c002c9255fa9ccce3b7d855030f5`
SHA3	`7b8c554393ac379c72d8d7a912f1e53276fc12cb18ab3689a2ba546b8707f501`

5

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.557`
MD5	`c4e13871187a1b0210192ead1137e43a`
SHA1	`5d67bf0bdc3a1d62735d9476f9593f6966bb3e7a`
SHA256	`6e1b539ddad1cec4cf08552d5bc6fdbf1825ce150cf043083a6bc6ee9369bc41`
SHA3	`ee03741fdef3b316ec800809adc9ee74fd760e2c4b955eff343a26043fb03c9f`

6

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.89071`
MD5	`da99ad91ebdd37e8c4b7dc33cd098276`
SHA1	`1b882aa520d6017056b5f4fcdcd2b830afb05d60`
SHA256	`d19ec4838fad14b4613e850b82f42b9c8ebba69c0176f4606a76e5acf4de0a2a`
SHA3	`9a775b834dccf816dcd76d9b838e96baf488c3aacfd279bb1f20a17bd70e991c`

13

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0xb0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.916632`
MD5	`a8a1c280f30259a257e25766c0604af9`
SHA1	`aa06130f0febd4177da80ed0c1b562f2c39ee3e0`
SHA256	`b5fcc3c7eccb7637da67c65b857120af0ccd9f29230cdb568d3caa95427fccfd`
SHA3	`616739d4df8220831c988bfa950362745c1de6c8d7fe610b02938fbd92374b21`

14

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.19813`
MD5	`bd14123fffda087717e1d870554e8ab2`
SHA1	`00197ea57866300f63ab713bf2edd0b62673897d`
SHA256	`1bf6497c8a6790acc3c6f0c942efdcd0152b776a71af0bb27198e646dda494bd`
SHA3	`1b4842639c73b3578ebe572131842beb439047bb25a9909a6640ed7451db80f1`

50

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.16896`
MD5	`0e60633cba2f0c05b5c6b1f7d06be020`
SHA1	`0a3c58bfd5f944f5dbd626d08b6ce0c4d7e43fff`
SHA256	`1c4aa47cfcd2454c09d21d538d8d2c2d126e9a5af8513bdf06f968ff8adffcf3`
SHA3	`0405bf14fe21d080344f00438baa35a2247470880bffdd83f76ad730c6afc6aa`

51

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.02624`
MD5	`194917a05117b2b5af3f394499aff6e6`
SHA1	`b6043eafa7c52708add48b3df5f3ea5072ba84b3`
SHA256	`91f249bcd2906cf3e12e7aac891b780df54b35d33faffd16cda41bb58d2f44a0`
SHA3	`bc59da790153966035a319b44d6371d2099fedb6d1f3bb4d62203b5400b75011`

52

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.04442`
MD5	`ae3dc9020168808e53c0f6a12b1f637e`
SHA1	`60f53fbc9606fffd7034d8b3f92167193e73501f`
SHA256	`3c922c22b192c61599d965a9d9629f42adf7fd6a95bba9c5866668d6166b50e2`
SHA3	`226627f4f193f6c9b11a9dd5aa4ac0fa7bae35a45f576e7bc78be1aee8a78066`

53

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.4581`
MD5	`5cf98ffaf58570dd9c335715f1172d38`
SHA1	`20ba45dbe78dbce5806e5a7ff0ac08fb4dfddc54`
SHA256	`fa8105275f330d348f2a0f0678fd55c4284416ff721b70daa9ecbd51dca55047`
SHA3	`224774f5a6e044c6fbe91e384a747042c816816e443d5a13767f7d97b5f34887`

54

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.08935`
MD5	`5b67f6013501675c382240b4d1326ff4`
SHA1	`d718c91b92ee8906a358fa5d729767c9c604ae94`
SHA256	`e1f091c9d1923e4c8b453b3288e911c0c47e5f11e82ebb4ee0543deca43b040a`
SHA3	`28d419e2ff60e7dc9f8e107f69e7a72390021feca60d650337052887a9a51551`

1 (#2)

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.39865`
MD5	`c15eb4492b6b9a91099545450868dfe5`
SHA1	`10cd58af144df91d64e9227676e1df7562ce795e`
SHA256	`34ef62316d8ff4b3d9dda0e08aac73ff2a251e616fd55c575bfdb26c9b7a4175`
SHA3	`c3ca3e7fc73658ce7174e41c2ea596f4aeba890541872904621b398ec5ed06da`

2 (#2)

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x2b2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.47726`
MD5	`d308956c71a3c26a8a6c1f836952ef2d`
SHA1	`3e5ee8689eddb97c8bf366916c65955dfafdd668`
SHA256	`ed07cc50dec4c5a800a7e06f93072182ef3f170c8a0dc1f9b0a6a11cbd8fb5ae`
SHA3	`4a719ffa2d7adcdcd96a6130181fb308ce8697a0beca8c9a430ee959edad96f4`

3 (#2)

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x17a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.25926`
MD5	`cf339e034cef65fc2f7673570b69d935`
SHA1	`86e0ddeeb515ad7a933ba27a43341e4a21121cc6`
SHA256	`81c269f387fe9b042991b146611f6c0cdeea6a3716038c80d811c47f36aaf3fd`
SHA3	`d0688ab43ea2b81877ff570cf6d6135ba0aae9090127608e68622bc989272a06`

99

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.50899`
Detected Filetype	Icon file
MD5	`7a034ed5b496ba598b2deab8c2659099`
SHA1	`8e4824312b87fbfaf5fb64427885cbc498fddb4b`
SHA256	`8e7e57210122b93e68d7b37091bcbae85680b5f1046b12ae4245594085d78dfc`
SHA3	`bffaa8e4c5f0028f0a457c35ac48ab54528a70639b47ccb949a4b5495ae250c7`

162

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.84274`
Detected Filetype	Icon file
MD5	`f64c60b749269fcf6659c450dda98486`
SHA1	`42945c3496bc4e1943a1a05926a9b5ee31d3e450`
SHA256	`ae172a9a2fd008910b537c92a95b38bfba0e5bbdaaca719bf686e6415a7a2ba1`
SHA3	`443830acdeb37f2b7f844756492b2b11f9fb93e9171617d8c799cebfd05cb37f`

164

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.02322`
Detected Filetype	Icon file
MD5	`7a9605cb416b1a091d889b9d9f37ec66`
SHA1	`866c01641d672b6cd69901c1e055f174f47b35bb`
SHA256	`6bcce1250099cc08d574211b3debabb0244cd2641f6d960538e7ddc97d319164`
SHA3	`af43e622bf6c842d1ada2985f8e68920ff7b22d8a0b1a12871968c23b5065651`

169

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.35044`
Detected Filetype	Icon file
MD5	`8563db549c5731af70813a5557af33bf`
SHA1	`fa682f378eb7ff872ddd8c76f6a76644517d512e`
SHA256	`b53d1d88f1c71e99ad92e3cf0a9dc9680f061366230e87d46d678611943f4c67`
SHA3	`939807784ebad4e97fa3be77a69939ed4c850277be555038b1c58e0b120ef77b`

201

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.0815`
Detected Filetype	Icon file
MD5	`d74622a416c693614a2097135c59a82f`
SHA1	`516c28ab14dab4e78e13529d5a54deadb03546af`
SHA256	`51b7101e35d3b5c788735a166a278b84648c946e5aeb513b9bff5beebb6cd4ae`
SHA3	`eb6ac02e18249a790a1df0365cfa8dc94caab1982f6090692860ed2de2cef259`

202

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.0815`
Detected Filetype	Icon file
MD5	`2e36feafd1a857c8aa9362c74101c537`
SHA1	`d3d08d24a458703a3d6d2c5038d212977db62d81`
SHA256	`9beb7d9cf26ca97043e055df5d3b25a662ee0ef8ffc0f1dbc0b35a4d06e66990`
SHA3	`7f8da2164aeb8e6e50fda2d5574d92c37137fc75a92909a8149d983975d1e9b3`

203

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.0815`
Detected Filetype	Icon file
MD5	`8bababe256370d9f8cf21c876336b355`
SHA1	`680dc72f36b2fb44be83878567c002c4cf17d74c`
SHA256	`1ab4cb53a9b1fd61c6bc254d95162ff655e6e008bf1845dd1358027d64a17604`
SHA3	`e1ab4a88cfe4faf2faf6cb110242f2668ebb08aec37d70851a019e024ad10b3d`

204

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.0815`
Detected Filetype	Icon file
MD5	`0ea6f04c202fbf737034565febd6faa6`
SHA1	`3db9b510eef2e2f9f75a174972fe1b5db2b9fd78`
SHA256	`2a97dc843b7698f8ed9fba9b10db7fb0dd39927f9cc842cf1994583dd4353c2b`
SHA3	`39566dab4e3e598c2ce4595143bb6a25c4e7a476dea56bdc207499f14adb9d02`

205

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.83321`
Detected Filetype	Icon file
MD5	`cb8acdd885e1bda7e1734472b90999f2`
SHA1	`ecc825d0757a2bcdd10cca70faa1f060745a4bb9`
SHA256	`7e4e38c43d4e47c80e36d8e5579543a0b19bb2674ee36d88cb3c18ee110b84f5`
SHA3	`40cd79645bc65a71c97509d092ed60b3f7981824cdbed06ec4b0c0e6de99914b`

1 (#3)

Type	`RT_VERSION`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x2f8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.39868`
MD5	`0d52634a8c73ec05ac3d21bcb2d004a3`
SHA1	`4efd4b295c037fe36e8c0373cbf13db76b51c257`
SHA256	`386137399047658a7c27c8e0641e5f985b8c7a2f5276150fcd45b99175023b17`
SHA3	`06c1fa4435a6c01c64b230731765b5aec68bd3ec58dccd9ee2f331bf6f5e4714`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United Kingdom
Codepage	Latin 1 / Western European
Size	`0x49e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.25292`
MD5	`2b2a2054e335aaa423b12450d1549812`
SHA1	`1a021a215318a5b863022a71fc16fc612f551073`
SHA256	`65adef82fb1472c5fb0b8825aa94ae8e4399681600b88ff856927c84eaeea3a4`
SHA3	`6ea5c66f784119ff8802a070449023ede2b797f5edd4df67f866dcd6d75cd254`

String Table contents

PowerRun has been created to run Applications with Elevated Privileges
&File\n &Edit\n &Options\n &Help
File Location\n Parameter\n Start Directory\n Window State
Hidden\n Normal\n Minimized\n Maximized
Run File
Add File
Remove Item
Edit Item
Launch Registry Editor
Launch Command Prompt
&Add File
E&xit
&Run File
&Create\n Create &Bat File\n Create &Vbs File
&Edit Item
&Paste File
&Remove
&Remove All
&Open Location
&Copy as Path
&File Properties
&Always On Top
&Show Hidden Files
&Show File Extensions
&Donate
&HomePage
&Contact
&About
Please Wait ...
Applications\n All Files\n Command Prompt Files\n VBScript Files
File Location:\n Parameter:\n Working Directory:\n Startup Windows State:\n Apply List\n Cancel
Select working directory
Open\n Recent Registry Keys
Unable to read file!
Unable to write file!
File not found!
&Use Classical Icons
&Command Line Info
&Create Shortcut\n Shortcuts

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.6.0.0
ProductVersion	1.6.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United Kingdom
FileVersion (#2)	1.6.0.0
Comments	PowerRun v1.6
FileDescription	PowerRun
LegalCopyright	Copyright © 2016-2022 www.sordum.org All Rights Reserved.
Coder	By BlueLife
CompanyName	www.sordum.org
ProductVersion (#2)	1.6.0.0
OriginalFilename	PowerRun.exe

Resource LangID	English - United Kingdom

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xbeafe369`
Unmarked objects	`0`
150 (20413)	`2`
ASM objects (VS2008 SP1 build 30729)	`30`
C objects (VS2008 SP1 build 30729)	`178`
C++ objects (VS2008 SP1 build 30729)	`57`
C objects (VS2012 build 50727 / VS2005 build 50727)	`10`
Imports (VS2012 build 50727 / VS2005 build 50727)	`33`
Total imports	`525`
143 (VS2008 SP1 build 30729)	`70`
ASM objects (VS2008 build 21022)	`2`
Linker (VS2008 build 21022)	`1`
151	`1`
Resource objects (VS2008 SP1 build 30729)	`1`

Errors

Leave a comment

No comments yet.