libcurl[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

libcurl.zip
Size

347KB
MD5

838c2ebfc94e637c560d759bc862596e
SHA1

9f5d1e37272305c07f7698b5ebb3aad4458f8bc3
SHA256

9ca4a012f993679fe487816d2c92f047eadc1d40c6e1ce4d8e0b8dbf35edd171
SHA512

9e3de7b44eb3b7a0e12b0db026cfc692f1455b04cac5ce70cdf469ed332ceef9d30726a28cfe97475b2425e251ae56a55f750bcb8384347f79b6ee11273dc136
SSDEEP

6144:FAteB2VsH8PpHhE41QV+sE4W1B6ynxq3Z6DVEHQhCqCCiOCUYXSD55Qj0iybCMIz:Ky2VscU41NsiIgqHQhH9R4ICMINu+

Score

N/A

Malware Config

Signatures

Files

libcurl.zip
.zip
GUP.exe
.exe windows x64

69e374040c4b9d552fcf7cc67435e5c4

Code Sign

01:34:25:92:a0:01:0c:b1:10:9c:11:c0:51:9c:fd:24
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

03/05/2019, 00:00

Not After

11/05/2022, 12:00

Subject

CN=Notepad\+\+,O=Notepad\+\+,L=Saint Cloud,ST=Ile-de-France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

82:bb:84:10:7e:eb:8a:ca:4f:71:c2:e8:4b:a5:09:d3:d3:10:0c:a0
Signer

Actual PE Digest

82:bb:84:10:7e:eb:8a:ca:4f:71:c2:e8:4b:a5:09:d3:d3:10:0c:a0

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Notepad\+\+,O=Notepad\+\+,L=Saint Cloud,ST=Ile-de-France,C=FR

27/10/2019, 22:12
Valid: true

Chain 1

CN=Notepad\+\+,O=Notepad\+\+,L=Saint Cloud,ST=Ile-de-France,C=FR

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

libcurl

curl_easy_setopt
curl_easy_cleanup
curl_easy_init
curl_easy_perform

comctl32

InitCommonControlsEx

shlwapi

PathFileExistsA
PathFindExtensionA
PathIsDirectoryA
PathRemoveFileSpecA
PathFindFileNameA

kernel32

UnregisterWaitEx
QueryDepthSList
LoadLibraryW
CompareStringW
InterlockedPopEntrySList
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
MoveFileA
OutputDebugStringA
lstrlenA
Sleep
DeleteFileA
lstrcpyA
CreateThread
CreateDirectoryA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
InitializeCriticalSection
WaitForSingleObject
CreateEventW
GetLastError
SetEvent
CloseHandle
ResetEvent
CreateSemaphoreW
GetModuleHandleA
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
SetEndOfFile
HeapSize
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
WaitForSingleObjectEx
GetModuleHandleW
GetProcAddress
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
WideCharToMultiByte
TryEnterCriticalSection
DuplicateHandle
GetCurrentThread
GetExitCodeThread
EncodePointer
DecodePointer
MultiByteToWideChar
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RtlPcToFileHeader
RaiseException
FreeLibrary
LoadLibraryExW
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
ReadFile
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
GetModuleFileNameW
GetStdHandle
WriteFile
GetACP
HeapAlloc
HeapFree
HeapReAlloc
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetFileType
FlushFileBuffers
GetConsoleCP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
SetStdHandle
CreateFileW
WriteConsoleW

user32

FindWindowExA
SetWindowTextA
MessageBoxA
GetDlgItemTextA
SetDlgItemTextA
SendMessageA
GetDlgItemInt
SystemParametersInfoA
SetDlgItemInt
DialogBoxParamA
EndDialog
SetWindowPos
GetWindowRect
CreateWindowExA

shell32

SHFileOperationA
ShellExecuteA

Sections

.text
Size: 472KB - Virtual size: 471KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libcurl.dll
.dll windows x64

db93b3e4f513efe521b69db27658ee80

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

vcruntime140

__C_specific_handler
__std_type_info_destroy_list
memset

api-ms-win-crt-runtime-l1-1-0

_cexit
_execute_onexit_table
_initialize_onexit_table
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
system
_initialize_narrow_environment

kernel32

GetCurrentProcessId
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
RtlLookupFunctionEntry
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

69e374040c4b9d552fcf7cc67435e5c4

Code Sign

01:34:25:92:a0:01:0c:b1:10:9c:11:c0:51:9c:fd:24Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

82:bb:84:10:7e:eb:8a:ca:4f:71:c2:e8:4b:a5:09:d3:d3:10:0c:a0Signer

Signature Validations

Verification

27/10/2019, 22:12 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

libcurl

comctl32

shlwapi

kernel32

user32

shell32

Sections

.text Size: 472KB - Virtual size: 471KB

.rdata Size: 175KB - Virtual size: 174KB

.data Size: 15KB - Virtual size: 22KB

.pdata Size: 27KB - Virtual size: 26KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 5KB - Virtual size: 5KB

db93b3e4f513efe521b69db27658ee80

Headers

DLL Characteristics

File Characteristics

Imports

vcruntime140

api-ms-win-crt-runtime-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 408B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 24B

01:34:25:92:a0:01:0c:b1:10:9c:11:c0:51:9c:fd:24
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

82:bb:84:10:7e:eb:8a:ca:4f:71:c2:e8:4b:a5:09:d3:d3:10:0c:a0
Signer

27/10/2019, 22:12
Valid: true

.text
Size: 472KB - Virtual size: 471KB

.rdata
Size: 175KB - Virtual size: 174KB

.data
Size: 15KB - Virtual size: 22KB

.pdata
Size: 27KB - Virtual size: 26KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 408B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 24B