daf92961c53b452b1afd6427c43de39bc558e06686f71727c43d2fdd5a3a5814

Sharing

Copy URL

Twitter E-mail

General

Target

daf92961c53b452b1afd6427c43de39bc558e06686f71727c43d2fdd5a3a5814
Size

4.7MB
MD5

c3ac464f57ad8d6d6b1dcc62918f813d
SHA1

53b6f75e5a7396ef5fbc5ddeb5ab3a1e5649fc6f
SHA256

daf92961c53b452b1afd6427c43de39bc558e06686f71727c43d2fdd5a3a5814
SHA512

972adfd0ed198db0ded3d80b6981a5df7733eb88d79159010f8a3fdf0be56401a6e74e639d74f421f1470b6a4859d8f695614941ca04ea42121cbea07b73c4ee
SSDEEP

98304:B7n6S/OfXHIC2ZQq29pF0AsiR1CvYOo2gNldP4MAtm+55CMj:YSGfXh2Zo0piOg5zAt7/rj

Score

N/A

Malware Config

Signatures

Files

daf92961c53b452b1afd6427c43de39bc558e06686f71727c43d2fdd5a3a5814
.zip
batch CF优选IP/CF优选IP-ANSI.bat
.bat .vbs
batch CF优选IP/CF优选IP-UTF8.bat
.bat .vbs
batch CF优选IP/CR.txt
batch CF优选IP/CR2CRLF.exe
.exe windows x86

d5b5c6c9ae92bd37819e9dcb54c59db4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
MultiByteToWideChar
RtlUnwind
RaiseException
HeapFree
GetCommandLineA
GetVersion
ExitProcess
HeapAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
LCMapStringA
LCMapStringW
GetCPInfo
CompareStringA
CompareStringW
GetLastError
CloseHandle
WriteFile
SetFilePointer
FlushFileBuffers
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
HeapSize
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetVersionExA
GetProcAddress
GetModuleHandleA
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
SetStdHandle
IsBadReadPtr
IsBadCodePtr
ReadFile
GetACP
GetOEMCP
LoadLibraryA
CreateFileA
GetLocaleInfoW
SetEndOfFile
SetEnvironmentVariableA

Sections

.text
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
batch CF优选IP/RTT.bat
.bat .vbs
batch CF优选IP/curl-ca-bundle.crt
batch CF优选IP/curl.exe
.exe windows x86

d007d4d03aa762b53e0db3bfe6b9c1bf

Code Sign

7d:03:65:c7:4e:9a:b2:94:d2:70:e5:0d:5f:cb:ad:78:bf:47:1d:fe
Certificate

Issuer

CN=curl-for-win Root CA 2020

Not Before

29-09-2020 12:40

Not After

29-09-2023 12:40

Subject

CN=curl-for-win Code Signing Authority

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

41:e1:40:1d:50:7a:75:a9:47:6c:f9:4c:f1:73:3f:bd:14:8d:a2:c7
Certificate

Issuer

CN=curl-for-win Root CA 2020

Not Before

29-09-2020 12:40

Not After

29-09-2025 12:40

Subject

CN=curl-for-win Root CA 2020

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

99:4c:84:40:f2:71:0a:6d:aa:91:d5:6c:f7:6c:43:9b:98:9f:7d:3c:11:4f:dd:b2:61:7c:06:97:e9:ea:45:95
Signer

Actual PE Digest

99:4c:84:40:f2:71:0a:6d:aa:91:d5:6c:f7:6c:43:9b:98:9f:7d:3c:11:4f:dd:b2:61:7c:06:97:e9:ea:45:95

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=curl-for-win Code Signing Authority

22-09-2022 19:02
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CryptAcquireContextW
CryptCreateHash
CryptDestroyHash
CryptGenRandom
CryptGetHashParam
CryptHashData
CryptReleaseContext
DeregisterEventSource
RegisterEventSourceW
ReportEventW

crypt32

CertAddCertificateContextToStore
CertCloseStore
CertCreateCertificateChainEngine
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFindExtension
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateContext
CertGetCertificateChain
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertGetNameStringW
CertOpenStore
CertOpenSystemStoreW
CryptDecodeObjectEx
CryptQueryObject
CryptStringToBinaryW
PFXImportCertStore

kernel32

CloseHandle
CompareFileTime
ConvertFiberToThread
ConvertThreadToFiber
CreateFiber
CreateFileMappingA
CreateFileW
CreateToolhelp32Snapshot
DeleteCriticalSection
DeleteFiber
EnterCriticalSection
FindClose
FindFirstFileW
FindNextFileW
FormatMessageW
FreeLibrary
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableA
GetEnvironmentVariableW
GetFileSizeEx
GetFileTime
GetFileType
GetLastError
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetStartupInfoW
GetStdHandle
GetSystemDirectoryW
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetTimeZoneInformation
GetVersion
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
MapViewOfFile
Module32FirstW
Module32NextW
MoveFileExW
MultiByteToWideChar
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleA
ReadConsoleW
ReadFile
SearchPathW
SetConsoleMode
SetEndOfFile
SetFileTime
SetLastError
SetUnhandledExceptionFilter
Sleep
SleepEx
SwitchToFiber
SystemTimeToFileTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleW
WriteFile

msvcrt

__lconv_init
__mb_cur_max
__p__commode
__p__fmode
__p__wcmdln
__set_app_type
__setusermatherr
__wgetmainargs
__winitenv
_access
_amsg_exit
_beginthreadex
_cexit
_errno
_chmod
_exit
_fileno
_fstati64
_get_osfhandle
_getpid
_initterm
_iob
_lock
_lseeki64
_onexit
_setmode
_snwprintf
_sys_nerr
_unlock
_vsnprintf
_waccess
_wcsdup
_wfopen
abort
atoi
calloc
clearerr
exit
fclose
feof
ferror
fflush
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
ftell
fwrite
getc
getenv
islower
isprint
isspace
isupper
isxdigit
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
localtime
gmtime
difftime
putchar
puts
qsort
raise
realloc
rewind
setbuf
setlocale
setvbuf
signal
strcat
strchr
strcmp
strcpy
strcspn
strerror
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtok
strtol
strtoul
tolower
ungetc
vfprintf
time
_strdup
_stricmp
_strnicmp
_strtoi64
wcschr
wcscmp
wcscpy
wcslen
wcsncmp
wcsncpy
wcspbrk
wcsstr
wcstombs
_wstati64
_vsnwprintf
_stat
_stati64
_fstat
_write
_unlink
_strdup
_setmode
_read
_open
_mkdir
_isatty
_getch
_fileno
_fdopen
_close

normaliz

IdnToAscii
IdnToUnicode

user32

FindWindowA
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
SendMessageA

wldap32

ber_free
ldap_bind_sW
ldap_err2stringA
ldap_first_attributeW
ldap_first_entry
ldap_get_dnW
ldap_get_values_lenW
ldap_initW
ldap_memfreeW
ldap_msgfree
ldap_next_attributeW
ldap_next_entry
ldap_search_sW
ldap_set_optionW
ldap_simple_bind_sW
ldap_sslinitW
ldap_unbind_s
ldap_value_free_len

ws2_32

WSACleanup
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSAIoctl
WSAResetEvent
WSASetEvent
WSASetLastError
WSAStartup
WSAWaitForMultipleEvents
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyname
gethostname
getnameinfo
getpeername
getsockname
getsockopt
htonl
htons
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 789KB - Virtual size: 788KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 49B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
batch CF优选IP/ipv4.csv
batch CF优选IP/ipv4.txt
batch CF优选IP/libcurl.dll
.dll windows x86

2a14343ba77be966983d429155eab3b9

Code Sign

7d:03:65:c7:4e:9a:b2:94:d2:70:e5:0d:5f:cb:ad:78:bf:47:1d:fe
Certificate

Issuer

CN=curl-for-win Root CA 2020

Not Before

29-09-2020 12:40

Not After

29-09-2023 12:40

Subject

CN=curl-for-win Code Signing Authority

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

41:e1:40:1d:50:7a:75:a9:47:6c:f9:4c:f1:73:3f:bd:14:8d:a2:c7
Certificate

Issuer

CN=curl-for-win Root CA 2020

Not Before

29-09-2020 12:40

Not After

29-09-2025 12:40

Subject

CN=curl-for-win Root CA 2020

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:08:eb:28:a6:ee:6f:a7:49:ba:59:fd:47:fc:37:ca:58:56:01:c0:d4:d9:2b:5f:c0:81:6b:31:54:d1:23:68
Signer

Actual PE Digest

47:08:eb:28:a6:ee:6f:a7:49:ba:59:fd:47:fc:37:ca:58:56:01:c0:d4:d9:2b:5f:c0:81:6b:31:54:d1:23:68

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=curl-for-win Code Signing Authority

22-09-2022 19:02
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

libcrypto-1_1

ASN1_OCTET_STRING_free
ASN1_STRING_get0_data
ASN1_STRING_length
ASN1_STRING_print
ASN1_STRING_to_UTF8
ASN1_STRING_type
ASN1_TIME_print
BIO_ctrl
BIO_free
BIO_new
BIO_new_file
BIO_new_mem_buf
BIO_printf
BIO_puts
BIO_s_file
BIO_s_mem
BN_CTX_free
BN_CTX_new
BN_bin2bn
BN_bn2bin
BN_clear_free
BN_div
BN_mod_exp
BN_new
BN_num_bits
BN_print
BN_rand
BN_set_word
BN_sub
BN_value_one
CRYPTO_free
CRYPTO_get_ex_new_index
CRYPTO_malloc
DES_ecb_encrypt
DES_set_key
DES_set_odd_parity
DH_get0_key
DH_get0_pqg
DSA_SIG_free
DSA_SIG_get0
DSA_SIG_new
DSA_SIG_set0
DSA_do_sign
DSA_do_verify
DSA_free
DSA_get0_key
DSA_get0_pqg
DSA_new
DSA_set0_key
DSA_set0_pqg
ECDH_compute_key
ECDSA_SIG_free
ECDSA_SIG_get0
ECDSA_SIG_new
ECDSA_SIG_set0
ECDSA_do_sign
ECDSA_do_verify
EC_GROUP_get_curve_name
EC_GROUP_get_degree
EC_KEY_free
EC_KEY_generate_key
EC_KEY_get0_group
EC_KEY_get0_public_key
EC_KEY_new_by_curve_name
EC_KEY_set_private_key
EC_KEY_set_public_key
EC_POINT_free
EC_POINT_new
EC_POINT_oct2point
EC_POINT_point2oct
ENGINE_by_id
ENGINE_ctrl
ENGINE_ctrl_cmd
ENGINE_finish
ENGINE_free
ENGINE_get_first
ENGINE_get_id
ENGINE_get_next
ENGINE_init
ENGINE_load_builtin_engines
ENGINE_load_private_key
ENGINE_register_all_complete
ENGINE_set_default
ERR_clear_error
ERR_error_string_n
ERR_get_error
ERR_peek_error
ERR_peek_last_error
EVP_CIPHER_CTX_free
EVP_CIPHER_CTX_get_app_data
EVP_CIPHER_CTX_key_length
EVP_CIPHER_CTX_new
EVP_CIPHER_CTX_set_app_data
EVP_CIPHER_CTX_set_padding
EVP_CIPHER_meth_free
EVP_CIPHER_meth_new
EVP_CIPHER_meth_set_cleanup
EVP_CIPHER_meth_set_do_cipher
EVP_CIPHER_meth_set_init
EVP_CIPHER_meth_set_iv_length
EVP_Cipher
EVP_CipherInit
EVP_DigestFinal
EVP_DigestFinal_ex
EVP_DigestInit
EVP_DigestInit_ex
EVP_DigestSign
EVP_DigestSignInit
EVP_DigestUpdate
EVP_DigestVerify
EVP_DigestVerifyInit
EVP_EncryptInit
EVP_EncryptUpdate
EVP_MD_CTX_free
EVP_MD_CTX_new
EVP_PKEY2PKCS8
EVP_PKEY_CTX_free
EVP_PKEY_CTX_new
EVP_PKEY_CTX_new_id
EVP_PKEY_copy_parameters
EVP_PKEY_derive
EVP_PKEY_derive_init
EVP_PKEY_derive_set_peer
EVP_PKEY_free
EVP_PKEY_get0_DH
EVP_PKEY_get0_DSA
EVP_PKEY_get0_RSA
EVP_PKEY_get1_DSA
EVP_PKEY_get1_EC_KEY
EVP_PKEY_get1_RSA
EVP_PKEY_id
EVP_PKEY_keygen
EVP_PKEY_keygen_init
EVP_PKEY_new
EVP_PKEY_new_raw_private_key
EVP_PKEY_new_raw_public_key
EVP_PKEY_set1_DSA
EVP_PKEY_set1_EC_KEY
EVP_PKEY_set1_RSA
EVP_aes_128_cbc
EVP_aes_128_ecb
EVP_aes_192_cbc
EVP_aes_192_ecb
EVP_aes_256_cbc
EVP_aes_256_ecb
EVP_bf_cbc
EVP_cast5_cbc
EVP_des_ede3_cbc
EVP_get_digestbyname
EVP_md5
EVP_rc4
EVP_ripemd160
EVP_sha1
EVP_sha256
EVP_sha512
GENERAL_NAMES_free
HMAC_CTX_free
HMAC_CTX_new
HMAC_Final
HMAC_Init_ex
HMAC_Update
MD4_Final
MD4_Init
MD4_Update
MD5_Final
MD5_Init
MD5_Update
OCSP_BASICRESP_free
OCSP_RESPONSE_free
OCSP_basic_verify
OCSP_cert_status_str
OCSP_check_validity
OCSP_crl_reason_str
OCSP_resp_count
OCSP_resp_get0
OCSP_response_get1_basic
OCSP_response_status
OCSP_response_status_str
OCSP_single_get0_status
OPENSSL_load_builtin_modules
OPENSSL_sk_num
OPENSSL_sk_pop
OPENSSL_sk_pop_free
OPENSSL_sk_value
OpenSSL_version_num
PEM_read_bio_DSAPrivateKey
PEM_read_bio_ECPrivateKey
PEM_read_bio_PrivateKey
PEM_read_bio_RSAPrivateKey
PEM_read_bio_X509
PEM_read_bio_X509_AUX
PEM_write_bio_X509
PKCS12_PBE_add
PKCS12_free
PKCS12_parse
PKCS8_PRIV_KEY_INFO_free
PKCS8_pkey_get0
RAND_add
RAND_bytes
RAND_file_name
RAND_load_file
RAND_status
RSA_flags
RSA_free
RSA_get0_factors
RSA_get0_key
RSA_new
RSA_set0_crt_params
RSA_set0_factors
RSA_set0_key
RSA_sign
RSA_size
RSA_verify
SHA256_Final
SHA256_Init
SHA256_Update
UI_OpenSSL
UI_create_method
UI_destroy_method
UI_get0_user_data
UI_get_input_flags
UI_get_string_type
UI_method_get_closer
UI_method_get_opener
UI_method_get_reader
UI_method_get_writer
UI_method_set_closer
UI_method_set_opener
UI_method_set_reader
UI_method_set_writer
UI_set_result
X509V3_EXT_print
X509_EXTENSION_get_data
X509_EXTENSION_get_object
X509_LOOKUP_file
X509_NAME_ENTRY_get_data
X509_NAME_get_entry
X509_NAME_get_index_by_NID
X509_NAME_print_ex
X509_PUBKEY_free
X509_PUBKEY_get0_param
X509_PUBKEY_new
X509_PUBKEY_set
X509_STORE_add_cert
X509_STORE_add_lookup
X509_STORE_set_flags
X509_check_issued
X509_free
X509_get0_extensions
X509_get0_notAfter
X509_get0_notBefore
X509_get0_signature
X509_get_X509_PUBKEY
X509_get_ext_d2i
X509_get_issuer_name
X509_get_pubkey
X509_get_serialNumber
X509_get_subject_name
X509_get_version
X509_load_crl_file
X509_verify_cert_error_string
d2i_ASN1_OCTET_STRING
d2i_OCSP_RESPONSE
d2i_PKCS12_bio
d2i_PrivateKey_bio
d2i_X509
d2i_X509_bio
i2a_ASN1_OBJECT
i2d_X509_PUBKEY
i2t_ASN1_OBJECT

libssl-1_1

BIO_f_ssl
SSL_CIPHER_get_name
SSL_CTX_add_client_CA
SSL_CTX_check_private_key
SSL_CTX_ctrl
SSL_CTX_free
SSL_CTX_get_cert_store
SSL_CTX_load_verify_locations
SSL_CTX_new
SSL_CTX_sess_set_new_cb
SSL_CTX_set_alpn_protos
SSL_CTX_set_cipher_list
SSL_CTX_set_ciphersuites
SSL_CTX_set_default_passwd_cb
SSL_CTX_set_default_passwd_cb_userdata
SSL_CTX_set_keylog_callback
SSL_CTX_set_msg_callback
SSL_CTX_set_next_proto_select_cb
SSL_CTX_set_options
SSL_CTX_set_post_handshake_auth
SSL_CTX_set_srp_password
SSL_CTX_set_srp_username
SSL_CTX_set_verify
SSL_CTX_use_PrivateKey
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_certificate
SSL_CTX_use_certificate_chain_file
SSL_CTX_use_certificate_file
SSL_SESSION_free
SSL_alert_desc_string_long
SSL_connect
SSL_ctrl
SSL_free
SSL_get0_alpn_selected
SSL_get_certificate
SSL_get_current_cipher
SSL_get_error
SSL_get_ex_data
SSL_get_peer_cert_chain
SSL_get_peer_certificate
SSL_get_privatekey
SSL_get_shutdown
SSL_get_verify_result
SSL_new
SSL_pending
SSL_read
SSL_set_bio
SSL_set_connect_state
SSL_set_ex_data
SSL_set_fd
SSL_set_session
SSL_shutdown
SSL_version
SSL_write
TLS_client_method

advapi32

CryptAcquireContextW
CryptCreateHash
CryptDestroyHash
CryptGenRandom
CryptGetHashParam
CryptHashData
CryptReleaseContext

crypt32

CertAddCertificateContextToStore
CertCloseStore
CertCreateCertificateChainEngine
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFindExtension
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateContext
CertGetCertificateChain
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertGetNameStringW
CertOpenStore
CertOpenSystemStoreW
CryptDecodeObjectEx
CryptQueryObject
CryptStringToBinaryW
PFXImportCertStore

kernel32

CloseHandle
CompareFileTime
CreateFileMappingA
CreateFileW
DeleteCriticalSection
EnterCriticalSection
FormatMessageW
FreeLibrary
GetCurrentThreadId
GetEnvironmentVariableA
GetFileSizeEx
GetFileType
GetLastError
GetModuleHandleW
GetProcAddress
GetStdHandle
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount
GetTimeZoneInformation
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryW
MapViewOfFile
MoveFileExW
MultiByteToWideChar
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
ReadFile
SetLastError
Sleep
SleepEx
TlsGetValue
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte

msvcrt

__mb_cur_max
_access
_amsg_exit
_beginthreadex
_errno
_fstati64
_getpid
_initterm
_iob
_lock
_lseeki64
_sys_nerr
_unlock
_waccess
_wcsdup
_wfopen
abort
atoi
calloc
fclose
feof
fflush
fgets
fopen
fputc
fputs
fread
free
fseek
ftell
fwrite
getc
islower
isspace
isupper
isxdigit
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
gmtime
difftime
qsort
realloc
rewind
setlocale
setvbuf
strchr
strcmp
strcpy
strcspn
strerror
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtol
strtoul
tolower
ungetc
vfprintf
time
_strtoi64
wcschr
wcscpy
wcslen
wcsncmp
wcsncpy
wcspbrk
wcstombs
_wstati64
_stati64
_write
_unlink
_strdup
_read
_open
_close

normaliz

IdnToAscii
IdnToUnicode

user32

FindWindowA
SendMessageA

wldap32

ber_free
ldap_bind_sW
ldap_err2stringA
ldap_first_attributeW
ldap_first_entry
ldap_get_dnW
ldap_get_values_lenW
ldap_initW
ldap_memfreeW
ldap_msgfree
ldap_next_attributeW
ldap_next_entry
ldap_search_sW
ldap_set_optionW
ldap_simple_bind_sW
ldap_sslinitW
ldap_unbind_s
ldap_value_free_len

ws2_32

WSACleanup
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSAIoctl
WSAResetEvent
WSASetEvent
WSASetLastError
WSAStartup
WSAWaitForMultipleEvents
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostname
getpeername
getsockname
getsockopt
htonl
htons
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
socket

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_option_by_id
curl_easy_option_by_name
curl_easy_option_next
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_easy_upkeep
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_global_sslset
curl_maprintf
curl_mfprintf
curl_mime_addpart
curl_mime_data
curl_mime_data_cb
curl_mime_encoder
curl_mime_filedata
curl_mime_filename
curl_mime_free
curl_mime_headers
curl_mime_init
curl_mime_name
curl_mime_subparts
curl_mime_type
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_poll
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_multi_wakeup
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_pushheader_byname
curl_pushheader_bynum
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_url
curl_url_cleanup
curl_url_dup
curl_url_get
curl_url_set
curl_version
curl_version_info

Sections

.text
Size: 759KB - Virtual size: 758KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 287KB - Virtual size: 287KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
batch CF优选IP/rtt.txt
batch CF优选IP/rtt/1.log
batch CF优选IP/rtt/10.log
batch CF优选IP/rtt/2.log
batch CF优选IP/rtt/3.log
batch CF优选IP/rtt/4.log
batch CF优选IP/rtt/5.log
batch CF优选IP/rtt/6.log
batch CF优选IP/rtt/7.log
batch CF优选IP/rtt/8.log
batch CF优选IP/rtt/9.log
batch CF优选IP/使用说明.txt
batch CF优选IP/双击自解压curl.exe
.exe windows x86

fcf1390e9ce472c7270447fc5c61a0c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
SetLastError
FormatMessageW
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
GetCurrentProcessId
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
LoadResource
SizeofResource
SetCurrentDirectoryW
GetExitCodeProcess
GetLocalTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
GetProcessHeap
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
DecodePointer

gdiplus

GdiplusShutdown
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc

Sections

.text
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d5b5c6c9ae92bd37819e9dcb54c59db4

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 124KB - Virtual size: 120KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 12KB - Virtual size: 16KB

d007d4d03aa762b53e0db3bfe6b9c1bf

Code Sign

7d:03:65:c7:4e:9a:b2:94:d2:70:e5:0d:5f:cb:ad:78:bf:47:1d:feCertificate

Extended Key Usages

Key Usages

41:e1:40:1d:50:7a:75:a9:47:6c:f9:4c:f1:73:3f:bd:14:8d:a2:c7Certificate

Key Usages

99:4c:84:40:f2:71:0a:6d:aa:91:d5:6c:f7:6c:43:9b:98:9f:7d:3c:11:4f:dd:b2:61:7c:06:97:e9:ea:45:95Signer

Signature Validations

Verification

22-09-2022 19:02 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

crypt32

kernel32

msvcrt

normaliz

user32

wldap32

ws2_32

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.data Size: 15KB - Virtual size: 15KB

.rdata Size: 789KB - Virtual size: 788KB

.bss Size: - Virtual size: 18KB

.edata Size: 512B - Virtual size: 49B

.idata Size: 8KB - Virtual size: 8KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 99KB - Virtual size: 99KB

2a14343ba77be966983d429155eab3b9

Code Sign

7d:03:65:c7:4e:9a:b2:94:d2:70:e5:0d:5f:cb:ad:78:bf:47:1d:feCertificate

Extended Key Usages

Key Usages

41:e1:40:1d:50:7a:75:a9:47:6c:f9:4c:f1:73:3f:bd:14:8d:a2:c7Certificate

Key Usages

47:08:eb:28:a6:ee:6f:a7:49:ba:59:fd:47:fc:37:ca:58:56:01:c0:d4:d9:2b:5f:c0:81:6b:31:54:d1:23:68Signer

Signature Validations

Verification

22-09-2022 19:02 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

libcrypto-1_1

libssl-1_1

advapi32

crypt32

kernel32

msvcrt

normaliz

user32

wldap32

ws2_32

Exports

Exports

Sections

.text Size: 759KB - Virtual size: 758KB

.data Size: 5KB - Virtual size: 5KB

.rdata Size: 287KB - Virtual size: 287KB

.bss Size: - Virtual size: 4KB

.text
Size: 124KB - Virtual size: 120KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 12KB - Virtual size: 16KB

7d:03:65:c7:4e:9a:b2:94:d2:70:e5:0d:5f:cb:ad:78:bf:47:1d:fe
Certificate

41:e1:40:1d:50:7a:75:a9:47:6c:f9:4c:f1:73:3f:bd:14:8d:a2:c7
Certificate

99:4c:84:40:f2:71:0a:6d:aa:91:d5:6c:f7:6c:43:9b:98:9f:7d:3c:11:4f:dd:b2:61:7c:06:97:e9:ea:45:95
Signer

22-09-2022 19:02
Valid: false

.text
Size: 2.7MB - Virtual size: 2.7MB

.data
Size: 15KB - Virtual size: 15KB

.rdata
Size: 789KB - Virtual size: 788KB

.bss
Size: - Virtual size: 18KB

.edata
Size: 512B - Virtual size: 49B

.idata
Size: 8KB - Virtual size: 8KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 99KB - Virtual size: 99KB

7d:03:65:c7:4e:9a:b2:94:d2:70:e5:0d:5f:cb:ad:78:bf:47:1d:fe
Certificate

41:e1:40:1d:50:7a:75:a9:47:6c:f9:4c:f1:73:3f:bd:14:8d:a2:c7
Certificate

47:08:eb:28:a6:ee:6f:a7:49:ba:59:fd:47:fc:37:ca:58:56:01:c0:d4:d9:2b:5f:c0:81:6b:31:54:d1:23:68
Signer

22-09-2022 19:02
Valid: false

.text
Size: 759KB - Virtual size: 758KB

.data
Size: 5KB - Virtual size: 5KB

.rdata
Size: 287KB - Virtual size: 287KB

.bss
Size: - Virtual size: 4KB

.edata
Size: 2KB - Virtual size: 2KB

.idata
Size: 16KB - Virtual size: 16KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 30KB - Virtual size: 30KB

.text
Size: 196KB - Virtual size: 195KB

.rdata
Size: 41KB - Virtual size: 41KB

.data
Size: 4KB - Virtual size: 141KB

.didat
Size: 512B - Virtual size: 392B

.rsrc
Size: 49KB - Virtual size: 49KB

.reloc
Size: 9KB - Virtual size: 8KB