curl[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

curl.exe
Size

375KB
MD5

8a91bac700a4aec640b960a29d1d146b
SHA1

338ec5b1e711bbf14759fd6770d2c2b015dbcc29
SHA256

1a9670432512cf62b3c8b7a10c09537c8f59771aa3e0f32e37c76b6015501956
SHA512

5d7c329d902cf48e3565071b83daadf7befecf358c5341c76144650bcb0b86a3e4e92c452ab54807cbf93cf753f99150ca91f8f5f48c0e18bca11eca65967bf4
SSDEEP

6144:U9vjtvEl7Oalh71q5kDis9GFxCRCz24YLdUHJFZk0kH9QS49a+jCG/7yb1FAVKB:UJtvElKKhqv5z2hdd9nFAV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
curl.exe

Files

curl.exe
.exe windows x86

5c0fcf5801546c069249296944b7cca8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

ioctlsocket

libcurl

curl_multi_init
curl_mprintf
curl_easy_perform
curl_multi_add_handle
curl_easy_init
curl_easy_setopt
curl_easy_strerror
curl_mime_free
curl_share_cleanup
curl_share_setopt
curl_share_init
curl_mime_init
curl_easy_cleanup
curl_mime_name
curl_version_info
curl_multi_perform
curl_mime_filename
curl_mime_type
curl_mime_encoder
curl_mime_data
curl_mime_filedata
curl_mime_data_cb
curl_mime_subparts
curl_global_init
curl_mime_headers
curl_strequal
curl_multi_remove_handle
curl_multi_cleanup
curl_multi_info_read
curl_easy_escape
curl_getdate
curl_url
curl_url_cleanup
curl_url_get
curl_mvfprintf
curl_multi_poll
curl_mime_addpart
curl_global_cleanup
curl_version
curl_maprintf
curl_easy_pause
curl_free
curl_getenv
curl_easy_getinfo
curl_strnequal
curl_msnprintf
curl_mfprintf
curl_slist_free_all
curl_slist_append
curl_mvaprintf
curl_url_set

kernel32

InitializeSListHead
WideCharToMultiByte
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VerSetConditionMask
GetModuleHandleA
GetProcAddress
VerifyVersionInfoW
GetStdHandle
GetConsoleScreenBufferInfo
SetEndOfFile
WriteConsoleW
SearchPathW
CloseHandle
GetLastError
GetTickCount
QueryPerformanceCounter
Sleep
GetModuleFileNameA
SetFileTime
GetFileTime
CreateFileW
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
SetConsoleMode
SetConsoleCtrlHandler
GetConsoleMode
QueryPerformanceFrequency
MultiByteToWideChar

vcruntime140

memset
strrchr
memchr
memmove
strchr
strstr
_except_handler4_common
__std_type_info_destroy_list
memcpy

api-ms-win-crt-stdio-l1-1-0

fputs
fwrite
fflush
__acrt_iob_func
_set_fmode
_get_osfhandle
_lseeki64
_wopen
_wfopen
__p__commode
_read
_write
fclose
ferror
fread
fseek
ftell
getc
__stdio_common_vsscanf
_fileno
_setmode
_close
_isatty
fputc
fgets
puts

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
_controlfp_s
terminate
_seh_filter_exe
_register_thread_local_exe_atexit_callback
_c_exit
__p___wargv
_set_app_type
_errno
__p___argc
strerror
_configure_wide_argv
_exit
exit
_initterm_e
_initterm
_initialize_wide_environment
_get_initial_wide_environment
_configure_narrow_argv

api-ms-win-crt-filesystem-l1-1-0

_wstat64
_waccess
_mkdir
_fstat64

api-ms-win-crt-heap-l1-1-0

_set_new_mode
realloc
free
calloc
malloc

api-ms-win-crt-convert-l1-1-0

strtoul
strtoll
strtod
strtol

api-ms-win-crt-time-l1-1-0

_localtime64
_time64

api-ms-win-crt-string-l1-1-0

isprint
strncpy
_strdup
strpbrk
strtok
strncmp
strcspn

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
setlocale

api-ms-win-crt-math-l1-1-0

__setusermatherr
_fdopen
_except1

api-ms-win-crt-conio-l1-1-0

_getch

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c0fcf5801546c069249296944b7cca8

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

libcurl

kernel32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-conio-l1-1-0

Sections

.text Size: 89KB - Virtual size: 89KB

.rdata Size: 272KB - Virtual size: 272KB

.data Size: 512B - Virtual size: 1KB

.gfids Size: 512B - Virtual size: 36B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 89KB - Virtual size: 89KB

.rdata
Size: 272KB - Virtual size: 272KB

.data
Size: 512B - Virtual size: 1KB

.gfids
Size: 512B - Virtual size: 36B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 9KB