929ee44f8304892fd97c10464d7a60dbda39928e0b1d2b34f5348fd2cc45dbd1

Sharing

Copy URL Twitter E-mail

General

Target

929ee44f8304892fd97c10464d7a60dbda39928e0b1d2b34f5348fd2cc45dbd1
Size

7.2MB
MD5

2818cb0b27bb78e1c50318700075a54b
SHA1

d194a812446ba1d944c3b6314ff6bc9583084c70
SHA256

929ee44f8304892fd97c10464d7a60dbda39928e0b1d2b34f5348fd2cc45dbd1
SHA512

21ef860f7db41f4f61acc84166f49bffc4d07ef1e0268a5e64ec85e0b35c3d7392fbcdc9f195a0715e760e821a79e146911af2ee84df76465b7f81fda2330f53
SSDEEP

196608:9DJS+7sGPTbF7SWrQoNJ5oTa3veJKzlCrWWYxoy:9D3wATb9SmlvCCmJCYSWYx9

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/7za.dll
unpack001/7za.exe
unpack001/iptest.exe

Files

929ee44f8304892fd97c10464d7a60dbda39928e0b1d2b34f5348fd2cc45dbd1
.zip
7za.dll
.dll windows:4 windows x86

5c29372647aa833f2e714ed7b4f6989b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

SysAllocStringByteLen
SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen
VariantCopy
VariantClear

user32

CharUpperW

msvcrt

_adjust_fdiv
_initterm
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
exit
realloc
memset
strlen
wcscmp
memcpy
memmove
free
_CxxThrowException
malloc
memcmp
_purecall
__CxxFrameHandler

kernel32

CreateDirectoryW
InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
SetEvent
CreateEventW
SetThreadAffinityMask
ResumeThread
WaitForSingleObject
InterlockedIncrement
GetVersion
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetVersionExW
GlobalMemoryStatus
GetSystemInfo
GetCurrentProcess
GetProcessAffinityMask
WriteFile
ReadFile
GetFileInformationByHandle
GetLastError
CloseHandle
SetFileTime
CreateFileW
SetFileAttributesW
GetProcAddress
DeleteFileW
SetLastError
GetTempPathW
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
FindClose
FindFirstFileW
GetModuleHandleA
GetFileAttributesW

Exports

Exports

CreateDecoder
CreateEncoder
CreateObject
GetHandlerProperty
GetHandlerProperty2
GetHashers
GetIsArc
GetMethodProperty
GetModuleProp
GetNumberOfFormats
GetNumberOfMethods
SetCaseSensitive
SetCodecs
SetLargePageMode

Sections

.text
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7za.exe
.exe windows:4 windows x86

c444469cbe22275cfd4ded99c1be29d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

VariantCopy
SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen
VariantClear

user32

CharPrevExA
CharUpperW

advapi32

OpenProcessToken
GetFileSecurityW
SetFileSecurityW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
_beginthreadex
exit
realloc
_ftol
memset
strlen
wcscmp
wcsstr
strcmp
memmove
fputs
fputc
fflush
fgetc
_iob
free
malloc
memcmp
_purecall
memcpy
_CxxThrowException
__CxxFrameHandler
_isatty
_fileno

kernel32

SetThreadAffinityMask
CreateEventW
SetEvent
ResetEvent
CreateSemaphoreW
ReleaseSemaphore
InitializeCriticalSection
WaitForSingleObject
MoveFileW
InterlockedIncrement
GetVersion
VirtualFree
VirtualAlloc
GetOEMCP
LocalFileTimeToFileTime
SetConsoleMode
GetConsoleMode
GetVersionExW
SetFileApisToOEM
GetCommandLineW
GetConsoleScreenBufferInfo
SetConsoleCtrlHandler
DeleteCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
GetProcessTimes
OpenEventW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
SetProcessAffinityMask
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
GetSystemTimeAsFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
IsProcessorFeaturePresent
GlobalMemoryStatus
GetSystemInfo
GetProcessAffinityMask
FileTimeToLocalFileTime
FileTimeToSystemTime
CompareFileTime
GetCurrentProcess
GetDiskFreeSpaceW
GetLastError
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
LoadLibraryW
GetModuleFileNameW
LocalFree
FormatMessageW
CloseHandle
SetFileTime
CreateFileW
SetFileAttributesW
RemoveDirectoryW
GetProcAddress
GetModuleHandleW
CreateDirectoryW
DeleteFileW
SetLastError
SetCurrentDirectoryW
GetCurrentDirectoryW
GetTempPathW
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
FindClose
FindFirstFileW
FindNextFileW
GetModuleHandleA
GetFileAttributesW
GetFileInformationByHandle
GetLogicalDriveStringsW
GetFileSize
SetFilePointer
DeviceIoControl
ReadFile
WriteFile
SetEndOfFile
ResumeThread

Sections

.text
Size: 680KB - Virtual size: 680KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
curl-ca-bundle.crt
curl.exe
.exe windows:6 windows x86

33624eab1f986424a66172a054b87621

Code Sign

0f:07:dd:d7:18:7f:eb:e5:92:aa:9d:cb:35:81:8f:8a:94:06:ac:9d
Certificate

Issuer

CN=curl-for-win Root CA 2021

Not Before

17/01/2021, 22:40

Not After

17/01/2024, 22:40

Subject

CN=curl-for-win Code Signing Authority

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:08:26:c5:81:9f:76:fc:32:01:f2:dc:10:c9:a7:1e:73:c5:71:25
Certificate

Issuer

CN=curl-for-win Root CA 2021

Not Before

17/01/2021, 22:40

Not After

17/01/2026, 22:40

Subject

CN=curl-for-win Root CA 2021

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e3:41:82:bc:c6:e7:f5:8c:37:91:05:be:fe:7c:09:ed:bf:d6:b3:0b:19:6e:1e:61:77:2d:5a:1f:7b:7c:7f:4f:2f:08:cc:65:b6:8f:c7:0e:e8:36:c9:95:c5:22:ae:4a:8f:44:51:48:34:2a:f2:e7:cc:c4:a1:11:25:8d:95:2e
Signer

Actual PE Digest

e3:41:82:bc:c6:e7:f5:8c:37:91:05:be:fe:7c:09:ed:bf:d6:b3:0b:19:6e:1e:61:77:2d:5a:1f:7b:7c:7f:4f:2f:08:cc:65:b6:8f:c7:0e:e8:36:c9:95:c5:22:ae:4a:8f:44:51:48:34:2a:f2:e7:cc:c4:a1:11:25:8d:95:2e

Digest Algorithm

sha512

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptReleaseContext
DeregisterEventSource
RegisterEventSourceW
ReportEventW

bcrypt

BCryptGenRandom

crypt32

CertAddCertificateContextToStore
CertCloseStore
CertCreateCertificateChainEngine
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFindExtension
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateContext
CertGetCertificateChain
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertGetNameStringA
CertOpenStore
CertOpenSystemStoreA
CryptDecodeObjectEx
CryptQueryObject
CryptStringToBinaryA
PFXImportCertStore

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
CancelIo
CloseHandle
CompareFileTime
ConvertFiberToThread
ConvertThreadToFiberEx
CreateEventA
CreateFiberEx
CreateFileA
CreateFileMappingA
CreateToolhelp32Snapshot
DeleteCriticalSection
DeleteFiber
EnterCriticalSection
FindClose
FindFirstFileW
FindFirstVolumeW
FindNextFileW
FindNextVolumeW
FindVolumeClose
FormatMessageW
FreeLibrary
GetACP
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceExW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetFileInformationByHandle
GetFileSizeEx
GetFileTime
GetFileType
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetOverlappedResult
GetProcAddress
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetTimeZoneInformation
GetVersion
GetVolumeInformationW
InitializeCriticalSection
InitializeCriticalSectionEx
InitializeSRWLock
LeaveCriticalSection
LoadLibraryA
MapViewOfFile
Module32First
Module32Next
MoveFileExA
MultiByteToWideChar
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleA
ReadConsoleW
ReadFile
ReleaseSRWLockExclusive
ReleaseSRWLockShared
SearchPathA
SetConsoleCtrlHandler
SetConsoleMode
SetEndOfFile
SetFilePointer
SetFileTime
SetHandleInformation
SetLastError
SetUnhandledExceptionFilter
Sleep
SleepEx
SwitchToFiber
SystemTimeToFileTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualLock
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObjectEx
WaitNamedPipeA
WideCharToMultiByte
WriteConsoleW
WriteFile

normaliz

IdnToAscii
IdnToUnicode

api-ms-win-crt-conio-l1-1-0

_getch

api-ms-win-crt-convert-l1-1-0

atoi
mbrtowc
mbstowcs
strtod
strtol
strtoll
strtoul
wcrtomb
wcstombs

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron
getenv

api-ms-win-crt-filesystem-l1-1-0

_fstat64
_stat64
_unlink
_mkdir
_access

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc
realloc

api-ms-win-crt-locale-l1-1-0

localeconv
setlocale

api-ms-win-crt-math-l1-1-0

__setusermatherr
_fdopen

api-ms-win-crt-private-l1-1-0

memchr
memcmp
memcpy
memmove
strchr
strrchr
strstr
wcsstr

api-ms-win-crt-runtime-l1-1-0

_set_app_type
__p___argc
__p___argv
__p___wargv
__p__acmdln
__sys_errlist
__sys_nerr
_beginthreadex
_cexit
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_errno
_exit
_initialize_narrow_environment
_initialize_wide_environment
_initterm
_set_errno
_set_invalid_parameter_handler
abort
exit
raise
signal
strerror
_getpid

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
__stdio_common_vsprintf
__stdio_common_vsscanf
__stdio_common_vswprintf
_fileno
_get_osfhandle
_lseeki64
_telli64
_wfopen
_write
fclose
feof
ferror
fflush
fgets
fopen
fputc
fputs
fread
fseek
ftell
fwrite
getc
putchar
puts
rewind
setvbuf
_write
_setmode
_setmode
_read
_open
_isatty
_fileno
_close

api-ms-win-crt-string-l1-1-0

isspace
memset
strcat
strcmp
strcpy
strcspn
strlen
strncmp
strncpy
strpbrk
strspn
strtok
tolower
wcscpy
wcslen
_stricmp
_strdup
_strdup

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_difftime64
_gmtime64
_localtime64
_time64
_tzset
strftime

api-ms-win-crt-utility-l1-1-0

qsort

user32

FindWindowA
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
SendMessageA

wldap32

ber_free
ldap_bind_s
ldap_err2string
ldap_first_attribute
ldap_first_entry
ldap_get_dn
ldap_get_values_len
ldap_init
ldap_memfree
ldap_msgfree
ldap_next_attribute
ldap_next_entry
ldap_search_s
ldap_set_option
ldap_simple_bind_s
ldap_sslinit
ldap_unbind_s
ldap_value_free_len

ws2_32

WSACleanup
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSAIoctl
WSAResetEvent
WSASetEvent
WSASetLastError
WSAStartup
WSAWaitForMultipleEvents
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyaddr
gethostbyname
gethostname
getpeername
getservbyname
getservbyport
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
inet_ntop
inet_pton
ioctlsocket
listen
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1013KB - Virtual size: 1012KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eh_fram
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iptest.exe
.exe windows:6 windows x64

f0ea7b7844bbc5bfa9bb32efdcea957c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TlsAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 239KB - Virtual size: 611KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libcurl.dll
.dll windows:6 windows x86

603dcf9e5cf47aec3866b5539a2d6dfb

Code Sign

0f:07:dd:d7:18:7f:eb:e5:92:aa:9d:cb:35:81:8f:8a:94:06:ac:9d
Certificate

Issuer

CN=curl-for-win Root CA 2021

Not Before

17/01/2021, 22:40

Not After

17/01/2024, 22:40

Subject

CN=curl-for-win Code Signing Authority

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:08:26:c5:81:9f:76:fc:32:01:f2:dc:10:c9:a7:1e:73:c5:71:25
Certificate

Issuer

CN=curl-for-win Root CA 2021

Not Before

17/01/2021, 22:40

Not After

17/01/2026, 22:40

Subject

CN=curl-for-win Root CA 2021

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:bd:33:42:dc:da:94:cc:0d:f9:f8:d0:10:25:f7:94:32:04:57:f2:ef:72:d2:f0:4b:10:57:a3:2a:96:04:b1:aa:07:6d:25:f9:d8:db:25:9a:ee:b3:7a:d6:70:52:35:2c:3f:de:a3:a6:2b:2f:eb:76:9e:d7:bb:42:34:e1:49
Signer

Actual PE Digest

0e:bd:33:42:dc:da:94:cc:0d:f9:f8:d0:10:25:f7:94:32:04:57:f2:ef:72:d2:f0:4b:10:57:a3:2a:96:04:b1:aa:07:6d:25:f9:d8:db:25:9a:ee:b3:7a:d6:70:52:35:2c:3f:de:a3:a6:2b:2f:eb:76:9e:d7:bb:42:34:e1:49

Digest Algorithm

sha512

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptReleaseContext
DeregisterEventSource
RegisterEventSourceW
ReportEventW

bcrypt

BCryptGenRandom

crypt32

CertAddCertificateContextToStore
CertCloseStore
CertCreateCertificateChainEngine
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFindExtension
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateContext
CertGetCertificateChain
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertGetNameStringA
CertOpenStore
CertOpenSystemStoreA
CryptDecodeObjectEx
CryptQueryObject
CryptStringToBinaryA
PFXImportCertStore

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
CancelIo
CloseHandle
CompareFileTime
ConvertFiberToThread
ConvertThreadToFiberEx
CreateEventA
CreateFiberEx
CreateFileA
CreateFileMappingA
DeleteCriticalSection
DeleteFiber
EnterCriticalSection
FindClose
FindFirstFileW
FindNextFileW
FormatMessageW
FreeLibrary
GetACP
GetConsoleMode
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableA
GetEnvironmentVariableW
GetFileSizeEx
GetFileType
GetLastError
GetModuleHandleA
GetModuleHandleW
GetOverlappedResult
GetProcAddress
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetTimeZoneInformation
GetVersion
InitializeCriticalSection
InitializeCriticalSectionEx
InitializeSRWLock
LeaveCriticalSection
LoadLibraryA
MapViewOfFile
MoveFileExA
MultiByteToWideChar
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleA
ReadConsoleW
ReadFile
ReleaseSRWLockExclusive
ReleaseSRWLockShared
SetConsoleMode
SetHandleInformation
SetLastError
Sleep
SleepEx
SwitchToFiber
SystemTimeToFileTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualLock
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObjectEx
WaitNamedPipeA
WideCharToMultiByte
WriteFile

normaliz

IdnToAscii
IdnToUnicode

api-ms-win-crt-convert-l1-1-0

atoi
mbrtowc
mbstowcs
strtol
strtoll
strtoul
wcrtomb
wcstombs

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron
getenv

api-ms-win-crt-filesystem-l1-1-0

_fstat64
_stat64
_unlink
_access

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc
realloc

api-ms-win-crt-locale-l1-1-0

localeconv
setlocale

api-ms-win-crt-math-l1-1-0

_fdopen

api-ms-win-crt-private-l1-1-0

memchr
memcmp
memcpy
memmove
strchr
strrchr
strstr
wcsstr

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
__p___wargv
__sys_errlist
__sys_nerr
_beginthreadex
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_errno
_execute_onexit_table
_exit
_initialize_narrow_environment
_initialize_onexit_table
_initialize_wide_environment
_initterm
_register_onexit_function
abort
raise
signal
strerror
_getpid

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vfwprintf
__stdio_common_vsprintf
__stdio_common_vsscanf
__stdio_common_vswprintf
_fileno
_lseeki64
_wfopen
_write
fclose
feof
ferror
fflush
fgets
fopen
fputc
fputs
fread
fseek
ftell
fwrite
rewind
setvbuf
_write
_setmode
_read
_open
_close

api-ms-win-crt-string-l1-1-0

isspace
memset
strcat
strcmp
strcpy
strcspn
strlen
strncmp
strncpy
strpbrk
strspn
tolower
wcscpy
wcslen
_strdup
_strdup

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_difftime64
_gmtime64
_time64
_tzset
strftime

api-ms-win-crt-utility-l1-1-0

qsort

user32

FindWindowA
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
SendMessageA

wldap32

ber_free
ldap_bind_s
ldap_err2string
ldap_first_attribute
ldap_first_entry
ldap_get_dn
ldap_get_values_len
ldap_init
ldap_memfree
ldap_msgfree
ldap_next_attribute
ldap_next_entry
ldap_search_s
ldap_set_option
ldap_simple_bind_s
ldap_sslinit
ldap_unbind_s
ldap_value_free_len

ws2_32

WSACleanup
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSAIoctl
WSAResetEvent
WSASetEvent
WSASetLastError
WSAStartup
WSAWaitForMultipleEvents
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyaddr
gethostbyname
gethostname
getpeername
getservbyname
getservbyport
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
inet_ntop
inet_pton
ioctlsocket
listen
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_header
curl_easy_init
curl_easy_nextheader
curl_easy_option_by_id
curl_easy_option_by_name
curl_easy_option_next
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_easy_upkeep
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_global_sslset
curl_maprintf
curl_mfprintf
curl_mime_addpart
curl_mime_data
curl_mime_data_cb
curl_mime_encoder
curl_mime_filedata
curl_mime_filename
curl_mime_free
curl_mime_headers
curl_mime_init
curl_mime_name
curl_mime_subparts
curl_mime_type
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_poll
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_multi_wakeup
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_pushheader_byname
curl_pushheader_bynum
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_url
curl_url_cleanup
curl_url_dup
curl_url_get
curl_url_set
curl_url_strerror
curl_version
curl_version_info
curl_ws_meta
curl_ws_recv
curl_ws_send

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 909KB - Virtual size: 909KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eh_fram
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
locations.json
txt.zip
.zip
批处理启动iptest.bat
.bat .vbs

Sharing

General

Malware Config

Signatures

Files

5c29372647aa833f2e714ed7b4f6989b

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

user32

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 236KB - Virtual size: 236KB

.rdata Size: 23KB - Virtual size: 22KB

.data Size: 512B - Virtual size: 18KB

.sxdata Size: 512B - Virtual size: 4B

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 10KB - Virtual size: 9KB

c444469cbe22275cfd4ded99c1be29d1

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

user32

advapi32

msvcrt

kernel32

Sections

.text Size: 680KB - Virtual size: 680KB

.rdata Size: 87KB - Virtual size: 86KB

.data Size: 2KB - Virtual size: 28KB

.sxdata Size: 512B - Virtual size: 4B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 29KB - Virtual size: 28KB

33624eab1f986424a66172a054b87621

Code Sign

0f:07:dd:d7:18:7f:eb:e5:92:aa:9d:cb:35:81:8f:8a:94:06:ac:9dCertificate

Extended Key Usages

Key Usages

05:08:26:c5:81:9f:76:fc:32:01:f2:dc:10:c9:a7:1e:73:c5:71:25Certificate

Key Usages

e3:41:82:bc:c6:e7:f5:8c:37:91:05:be:fe:7c:09:ed:bf:d6:b3:0b:19:6e:1e:61:77:2d:5a:1f:7b:7c:7f:4f:2f:08:cc:65:b6:8f:c7:0e:e8:36:c9:95:c5:22:ae:4a:8f:44:51:48:34:2a:f2:e7:cc:c4:a1:11:25:8d:95:2eSigner

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

bcrypt

crypt32

kernel32

normaliz

api-ms-win-crt-conio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

user32

wldap32

ws2_32

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 1013KB - Virtual size: 1012KB

.data Size: 20KB - Virtual size: 33KB

.eh_fram Size: 7KB - Virtual size: 7KB

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 236KB - Virtual size: 236KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 512B - Virtual size: 18KB

.sxdata
Size: 512B - Virtual size: 4B

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 10KB - Virtual size: 9KB

.text
Size: 680KB - Virtual size: 680KB

.rdata
Size: 87KB - Virtual size: 86KB

.data
Size: 2KB - Virtual size: 28KB

.sxdata
Size: 512B - Virtual size: 4B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 29KB - Virtual size: 28KB

0f:07:dd:d7:18:7f:eb:e5:92:aa:9d:cb:35:81:8f:8a:94:06:ac:9d
Certificate

05:08:26:c5:81:9f:76:fc:32:01:f2:dc:10:c9:a7:1e:73:c5:71:25
Certificate

e3:41:82:bc:c6:e7:f5:8c:37:91:05:be:fe:7c:09:ed:bf:d6:b3:0b:19:6e:1e:61:77:2d:5a:1f:7b:7c:7f:4f:2f:08:cc:65:b6:8f:c7:0e:e8:36:c9:95:c5:22:ae:4a:8f:44:51:48:34:2a:f2:e7:cc:c4:a1:11:25:8d:95:2e
Signer

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 1013KB - Virtual size: 1012KB

.data
Size: 20KB - Virtual size: 33KB

.eh_fram
Size: 7KB - Virtual size: 7KB

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 148KB - Virtual size: 148KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 2.3MB - Virtual size: 2.3MB

.data
Size: 239KB - Virtual size: 611KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 41KB - Virtual size: 40KB

.symtab
Size: 512B - Virtual size: 4B

0f:07:dd:d7:18:7f:eb:e5:92:aa:9d:cb:35:81:8f:8a:94:06:ac:9d
Certificate

05:08:26:c5:81:9f:76:fc:32:01:f2:dc:10:c9:a7:1e:73:c5:71:25
Certificate

0e:bd:33:42:dc:da:94:cc:0d:f9:f8:d0:10:25:f7:94:32:04:57:f2:ef:72:d2:f0:4b:10:57:a3:2a:96:04:b1:aa:07:6d:25:f9:d8:db:25:9a:ee:b3:7a:d6:70:52:35:2c:3f:de:a3:a6:2b:2f:eb:76:9e:d7:bb:42:34:e1:49
Signer

.text
Size: 3.1MB - Virtual size: 3.1MB

.rdata
Size: 909KB - Virtual size: 909KB

.data
Size: 25KB - Virtual size: 36KB

.eh_fram
Size: 7KB - Virtual size: 7KB

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 141KB - Virtual size: 140KB