pop1w[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

pop1w.dll
Size

99KB
MD5

95f75e7151f6b69cca64cd3630c5abf5
SHA1

e81d83516e403180328cbaa44e9eb06b0eab9ba9
SHA256

4742f70a09d9bcfd3cf7fc898cb9bf7c54cde679e2b2a18018290dccaba20cc6
SHA512

a8ff580583cc3517de5f535ecc33dea33e0289257d14e244b8bc9c5af18bea298ae1d75a440ae26fbda65bf51373a3dc3ce74a0a98e122d39e8ec9778aa03125
SSDEEP

1536:aMxIWV91vFxMnBtOl6YtfFBGzPTIFcuFfjsWjcdTKA:Tfn1dxmPY8z7IH9MTKA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
pop1w.dll

Files

pop1w.dll
.dll windows:5 windows x86 arch:x86

5fa76497d50062e8dcfb210d81f8a604

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\PC\Documents\Visual Studio 2013\Projects\widescreen\Release\pop\pop1w.pdb

Imports

kernel32

GetModuleFileNameA
GetPrivateProfileIntA
GetPrivateProfileStringA
VirtualProtect
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
GetCommandLineA
GetCurrentThreadId
RaiseException
RtlUnwind
GetLastError
HeapFree
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetProcAddress
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapSize
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
EnterCriticalSection
LeaveCriticalSection
WriteFile
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
LoadLibraryExW
HeapReAlloc
LCMapStringW
OutputDebugStringW
SetStdHandle
WriteConsoleW
FlushFileBuffers
CreateFileW
CloseHandle

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5fa76497d50062e8dcfb210d81f8a604

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 62KB - Virtual size: 61KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 62KB - Virtual size: 61KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 4KB