curl[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

curl.exe
Size

553KB
MD5

05dedf1936a065612e52c37e40143646
SHA1

f64457b2255a6bb2224eed25a0954b5274ec62d7
SHA256

664bb48bf3e8a7d7036e4b0029fa10e1a90c2562ad9a09a885650408d00dea1b
SHA512

4f529300c076c6b76e90fc4e6a1cffd4ac36b7112ea18e7dfa1ce020f2ef50592d834b1b61da14291a41f60b96e26fe1bf57e8fe2a0f3e6d234667f0fd11beb0
SSDEEP

12288:i78u7Mqlq+YZyDTI1EbGE3dQCIy9AodE:+lbfI2p3NIBoe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
curl.exe

Files

curl.exe
.exe windows x64

a798305e4231d362adc62175debe3e10

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-core-console-l2-1-0

GetConsoleScreenBufferInfo

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableA
SearchPathW
GetStdHandle

api-ms-win-core-file-l1-1-0

SetEndOfFile
GetFileSizeEx
CreateFileW
GetFileType
GetFileTime
ReadFile
SetFileTime

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-console-l1-1-0

GetConsoleMode
SetConsoleMode
SetConsoleCtrlHandler
WriteConsoleW

api-ms-win-core-toolhelp-l1-1-0

CreateToolhelp32Snapshot
Module32FirstW
Module32NextW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetProcAddress
GetModuleHandleA
GetModuleHandleW
FreeLibrary
GetModuleFileNameA

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetTickCount

ws2_32

inet_pton
WSAEnumNetworkEvents
getsockopt
WSAWaitForMultipleEvents
send
WSAResetEvent
WSAEventSelect
WSACreateEvent
WSACloseEvent
connect
getsockname
getpeername
WSAStartup
bind
inet_ntop
sendto
WSACleanup
ntohs
WSASetLastError
WSAGetLastError
recv
gethostname
ioctlsocket
getaddrinfo
closesocket
freeaddrinfo
htonl
setsockopt
WSAIoctl
htons
socket
select
__WSAFDIsSet
recvfrom
accept
listen

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
AcquireSRWLockExclusive
DeleteCriticalSection
LeaveCriticalSection
SleepEx
WaitForSingleObjectEx
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
ReleaseSRWLockExclusive

api-ms-win-core-localization-l1-2-0

FormatMessageW
IdnToAscii

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

bcrypt

BCryptGenRandom

api-ms-win-security-cryptoapi-l1-1-0

CryptAcquireContextW
CryptHashData
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptCreateHash

crypt32

CertFindCertificateInStore
CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CryptStringToBinaryW
CryptDecodeObjectEx
CertGetCertificateChain
CertFreeCertificateChainEngine
CertAddCertificateContextToStore
CryptQueryObject
CertFreeCertificateChain
CertGetNameStringW
CertFindExtension
CertCreateCertificateChainEngine
PFXImportCertStore

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-namedpipe-l1-1-0

PeekNamedPipe

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
free
realloc
calloc

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
fflush
fwrite
fputs
_read
_write
_close
_lseeki64
_get_osfhandle
_isatty
_setmode
fputc
_set_fmode
__stdio_common_vsprintf
_wfopen
_wopen
__stdio_common_vfprintf
freopen
feof
fgets
__p__commode
puts
__stdio_common_vsscanf
fread
getc
fseek
ferror
ftell
fclose
_fileno

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64
_localtime64
strftime

api-ms-win-crt-convert-l1-1-0

strtoul
strtoll
strtol
atoi
strtod
wcstombs

api-ms-win-crt-runtime-l1-1-0

__p___wargv
__p___argc
_beginthreadex
_initialize_onexit_table
__sys_nerr
_exit
exit
_register_onexit_function
_initterm_e
__sys_errlist
_get_initial_wide_environment
_crt_atexit
_c_exit
_register_thread_local_exe_atexit_callback
strerror
terminate
_errno
_cexit
abort
_seh_filter_exe
_set_app_type
_configure_wide_argv
_initialize_wide_environment
_initterm

api-ms-win-crt-string-l1-1-0

strcmp
strtok
_stricmp
wcsncmp
wcsncpy
wcspbrk
strspn
_strdup
_wcsdup
wcscmp
strcspn
strncmp
strncpy
strpbrk

api-ms-win-crt-filesystem-l1-1-0

_fstat64
_mkdir
_wstat64
_waccess
_unlink

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
setlocale

api-ms-win-crt-utility-l1-1-0

qsort

kernel32

GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
InitializeSListHead
GetCurrentProcess
SetUnhandledExceptionFilter
RtlCaptureContext
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
TerminateProcess

api-ms-win-core-rtlsupport-l1-1-0

RtlUnwindEx

api-ms-win-core-processthreads-l1-1-0

TlsAlloc
TlsSetValue
TlsGetValue
TlsFree

api-ms-win-crt-math-l1-1-0

__setusermatherr
_fdopen

api-ms-win-crt-conio-l1-1-0

_getch

Sections

.text
Size: 396KB - Virtual size: 396KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a798305e4231d362adc62175debe3e10

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-core-console-l2-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-toolhelp-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-sysinfo-l1-1-0

ws2_32

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-synch-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-libraryloader-l1-2-1

bcrypt

api-ms-win-security-cryptoapi-l1-1-0

crypt32

api-ms-win-core-file-l2-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-namedpipe-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-utility-l1-1-0

kernel32

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-conio-l1-1-0

Sections

.text Size: 396KB - Virtual size: 396KB

.rdata Size: 135KB - Virtual size: 134KB

.data Size: 2KB - Virtual size: 5KB

.pdata Size: 11KB - Virtual size: 11KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 396KB - Virtual size: 396KB

.rdata
Size: 135KB - Virtual size: 134KB

.data
Size: 2KB - Virtual size: 5KB

.pdata
Size: 11KB - Virtual size: 11KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB