Static task
static1
General
-
Target
popa4len.exe
-
Size
13.0MB
-
MD5
0f77f543418ce39757c8483d2a0b28be
-
SHA1
2f568663eea61f5f525b07afaf25759463019216
-
SHA256
a9fc3d1845576a873e8f60165657504f6d5787a5877f81679c7e409e0fca4558
-
SHA512
70b2775a46ca12c375db328635b2cfd5b83a8d0d56e97875e8c0c95de0030f57d24132894bba5996655efac90396c7469efc1a30720ed248bd0df887ec779305
-
SSDEEP
393216:I90oOsw9ivNDJcgvIBKWiZpCRkdh1uK/BgZeHd:po09cLcgvGhi/CaJZ/Z
Malware Config
Signatures
-
Unsigned PE 1 IoCs
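The sandbox's static check found no Authenticode signature on this file. A missing signature is a low-confidence indicator on its own, since many legitimate binaries are also unsigned.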
resource popa4len.exe
Files
-
popa4len.exe.exe windows x64
8179181ff966697a8c90237e4b00f5da
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
HeapDestroy
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
SetWindowPos
advapi32
CryptHashData
shell32
ShellExecuteA
oleaut32
VariantClear
imm32
ImmReleaseContext
xinput1_4
ord2
msvcp140
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
d3d9
Direct3DCreate9
d3dx9_43
D3DXCreateTextureFromFileInMemoryEx
userenv
UnloadUserProfile
psapi
GetModuleInformation
wininet
InternetOpenA
ws2_32
WSASetLastError
ntdll
NtClose
normaliz
IdnToAscii
wldap32
ord26
crypt32
CryptQueryObject
rpcrt4
UuidCreate
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__current_exception
api-ms-win-crt-stdio-l1-1-0
_open
api-ms-win-crt-string-l1-1-0
strspn
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-heap-l1-1-0
_callnewh
api-ms-win-crt-convert-l1-1-0
strtoll
api-ms-win-crt-runtime-l1-1-0
terminate
api-ms-win-crt-time-l1-1-0
_localtime64
api-ms-win-crt-math-l1-1-0
acosf
api-ms-win-crt-filesystem-l1-1-0
_fstat64
api-ms-win-crt-locale-l1-1-0
localeconv
Sections
.text Size: - Virtual size: 706KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 142KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 144KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.2mf Size: - Virtual size: 7.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.evJ Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.@?] Size: 13.0MB - Virtual size: 13.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 296B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ