PDB path: D:\01_GitCode\02_AftersalesTools\01_SLA\Release\CustLibCurl.pdb
Static task
static1
Behavioral task
behavioral1
Sample
76882c53bcbdf2dc5c8127c837086df2494b4ee1eda1979e55b371dc7d3ffbba.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
76882c53bcbdf2dc5c8127c837086df2494b4ee1eda1979e55b371dc7d3ffbba.dll
Resource
win10v2004-20240226-en
General
-
Target
76882c53bcbdf2dc5c8127c837086df2494b4ee1eda1979e55b371dc7d3ffbba
-
Size
470KB
-
MD5
c0fe1d04424b8f93aa3d6924d8628e6f
-
SHA1
cc37f0c33373914b86a3f70d75fd158c3f08c53e
-
SHA256
76882c53bcbdf2dc5c8127c837086df2494b4ee1eda1979e55b371dc7d3ffbba
-
SHA512
c65082bc368797b5e6dd19f22753797cd62a60427ef027e93e9f154a1dfcc392ce4184a0ac6e324ad527c38edeb85655b122b4e0500298c4896bc00ca2ee0adb
-
SSDEEP
12288:S2smMw0sg/nCBxGSXVjlQ0TC3i0ycoBn3EFesBmtQGaTBL79BXgUVP6ExiBjvrEb:SqUcG5i0USL7HXglE+rEH7DUy
Malware Config
Signatures
-
Unsigned PE 1 IoCs
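Checks for a missing Authenticode signature. An unsigned PE is a weak indicator on its own and should be weighed together with the rest of the report.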
resource 76882c53bcbdf2dc5c8127c837086df2494b4ee1eda1979e55b371dc7d3ffbba
Files
-
76882c53bcbdf2dc5c8127c837086df2494b4ee1eda1979e55b371dc7d3ffbba.dll windows:5 windows x86 arch:x86
21593a2f97a143a70b32924196ae6520
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
WideCharToMultiByte
MultiByteToWideChar
Sleep
FormatMessageW
SetLastError
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
GetModuleHandleW
QueryPerformanceFrequency
SleepEx
CloseHandle
WaitForSingleObject
GetTickCount
QueryPerformanceCounter
VerifyVersionInfoW
IsProcessorFeaturePresent
GetCurrentProcessId
GetCurrentThreadId
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
MoveFileExW
GetStdHandle
GetFileType
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetEnvironmentVariableA
GetSystemTimeAsFileTime
CompareFileTime
VerSetConditionMask
msvcp100
?_Xlength_error@std@@YAXPBD@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Xout_of_range@std@@YAXPBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
?uncaught_exception@std@@YA_NXZ
?flags@ios_base@std@@QBEHXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
libcrypto-1_1
ENGINE_free
ENGINE_finish
ENGINE_by_id
ENGINE_get_id
ENGINE_set_default
ENGINE_get_next
ENGINE_get_first
CRYPTO_free
ASN1_STRING_to_UTF8
ENGINE_init
ASN1_STRING_type
X509_NAME_ENTRY_get_data
X509_NAME_get_entry
X509_NAME_get_index_by_NID
X509_get_subject_name
GENERAL_NAMES_free
ASN1_STRING_length
ASN1_STRING_get0_data
X509_get_ext_d2i
ERR_get_error
ENGINE_ctrl
BIO_s_mem
BIO_new
X509_NAME_print_ex
BIO_ctrl
ERR_clear_error
PEM_read_bio_X509_AUX
ERR_peek_error
ERR_peek_last_error
PEM_read_bio_PrivateKey
d2i_PrivateKey_bio
EVP_PKEY_free
BIO_new_mem_buf
d2i_X509_bio
PEM_read_bio_X509
X509_free
BIO_free
UI_method_get_writer
UI_get_string_type
UI_get0_user_data
UI_get_input_flags
UI_set_result
UI_OpenSSL
UI_method_get_reader
RAND_load_file
RAND_add
RAND_file_name
RAND_status
CRYPTO_get_ex_new_index
ERR_error_string_n
OPENSSL_sk_pop_free
OPENSSL_sk_pop
OPENSSL_sk_value
OPENSSL_sk_num
MD4_Init
MD4_Update
MD4_Final
SHA256_Init
SHA256_Update
SHA256_Final
MD5_Init
MD5_Update
MD5_Final
DES_ecb_encrypt
DES_set_odd_parity
DES_set_key
d2i_X509
X509_LOOKUP_file
X509_STORE_add_lookup
X509_load_crl_file
CRYPTO_malloc
X509_STORE_set_flags
ENGINE_ctrl_cmd
d2i_PKCS12_bio
PKCS12_PBE_add
PKCS12_parse
PKCS12_free
UI_create_method
UI_method_get_opener
UI_method_set_opener
UI_method_get_closer
UI_method_set_closer
UI_method_set_reader
UI_method_set_writer
ENGINE_load_private_key
UI_destroy_method
EVP_PKEY_copy_parameters
EVP_PKEY_get1_RSA
RSA_flags
RSA_free
EVP_MD_CTX_new
EVP_sha256
EVP_DigestInit
EVP_DigestUpdate
EVP_DigestFinal_ex
EVP_MD_CTX_free
RAND_bytes
OpenSSL_version_num
BIO_s_file
i2d_X509_PUBKEY
X509_get_issuer_name
X509_get_version
BIO_printf
X509_get_serialNumber
BIO_puts
X509_get0_signature
i2a_ASN1_OBJECT
X509_get_X509_PUBKEY
X509_PUBKEY_get0_param
X509_get0_extensions
X509_get0_notBefore
ASN1_TIME_print
X509_get0_notAfter
X509_get_pubkey
EVP_PKEY_id
EVP_PKEY_get0_DSA
DSA_get0_pqg
DSA_get0_key
EVP_PKEY_get0_DH
DH_get0_pqg
DH_get0_key
EVP_PKEY_get0_RSA
RSA_get0_key
BN_num_bits
PEM_write_bio_X509
X509_EXTENSION_get_object
X509V3_EXT_print
X509_EXTENSION_get_data
ASN1_STRING_print
BN_print
i2t_ASN1_OBJECT
X509_verify_cert_error_string
PEM_X509_INFO_read_bio
X509_STORE_add_cert
X509_STORE_add_crl
X509_INFO_free
d2i_OCSP_RESPONSE
OCSP_response_status
OCSP_response_status_str
OCSP_response_get1_basic
OCSP_basic_verify
X509_check_issued
EVP_sha1
OCSP_cert_to_id
OCSP_resp_find_status
OCSP_CERTID_free
OCSP_check_validity
OCSP_cert_status_str
OCSP_crl_reason_str
OCSP_BASICRESP_free
OCSP_RESPONSE_free
libssl-1_1
SSL_write
TLS_client_method
SSL_CTX_new
SSL_CTX_set_msg_callback
SSL_CTX_set_options
SSL_CTX_set_next_proto_select_cb
SSL_CTX_set_alpn_protos
SSL_CTX_set_cipher_list
SSL_CTX_set_ciphersuites
SSL_CTX_set_post_handshake_auth
SSL_CTX_load_verify_locations
SSL_CTX_set_verify
SSL_CTX_set_keylog_callback
SSL_CTX_sess_set_new_cb
SSL_set_session
BIO_f_ssl
SSL_set_bio
SSL_set_fd
SSL_CTX_set_default_passwd_cb_userdata
SSL_CTX_set_default_passwd_cb
SSL_CTX_use_certificate_file
SSL_CTX_check_private_key
SSL_CTX_add_client_CA
SSL_CTX_use_PrivateKey_file
SSL_new
SSL_get_certificate
SSL_get_privatekey
SSL_set_ex_data
SSL_pending
SSL_connect
SSL_get_verify_result
SSL_get_current_cipher
SSL_CIPHER_get_name
SSL_get_version
SSL_get0_alpn_selected
SSL_get_ex_data
SSL_alert_desc_string_long
SSL_ctrl
SSL_get_peer_cert_chain
SSL_CTX_get_cert_store
SSL_get_peer_certificate
SSL_SESSION_free
SSL_get_error
SSL_get_shutdown
SSL_read
SSL_shutdown
SSL_set_connect_state
SSL_free
SSL_CTX_free
OPENSSL_init_ssl
SSL_CTX_ctrl
SSL_CTX_use_PrivateKey
SSL_CTX_use_certificate
SSL_CTX_use_certificate_chain_file
ws2_32
ioctlsocket
__WSAFDIsSet
select
recvfrom
sendto
htonl
listen
accept
getaddrinfo
freeaddrinfo
WSASetLastError
connect
socket
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
WSAIoctl
recv
WSACloseEvent
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSAResetEvent
WSACreateEvent
WSAStartup
WSACleanup
WSAGetLastError
send
closesocket
gethostname
wldap32
ord14
ord219
ord145
ord208
ord26
ord133
ord147
ord127
ord142
ord79
ord167
ord301
ord27
ord41
ord46
ord216
ord117
crypt32
CertCloseStore
CertOpenSystemStoreW
CertEnumCertificatesInStore
CertGetIntendedKeyUsage
CertFreeCertificateContext
CertGetEnhancedKeyUsage
msvcr100
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_except_handler4_common
?terminate@@YAXXZ
_crt_debugger_hook
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
strftime
setvbuf
_strtoi64
_gmtime64
fgets
strspn
strcspn
_lseeki64
_fstat64
strpbrk
_getpid
_waccess
_wstat64
_wfopen
_wopen
fflush
_CxxThrowException
fputc
sprintf
atoi
qsort
sscanf
_time64
feof
strtol
tolower
strtoul
strncmp
fseek
ftell
strstr
wcspbrk
_errno
__sys_nerr
strerror
strrchr
wcstombs
strchr
strncpy
fwrite
memcpy
memset
_wcsdup
realloc
calloc
__iob_func
fprintf
fread
fclose
fputs
fopen
memchr
memmove
??2@YAPAXI@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
??3@YAXPAX@Z
free
malloc
_close
_unlink
_write
_read
_beginthreadex
_strdup
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CxxFrameHandler3
Exports
Exports
CleanupCurl
HttpGetAPI
HttpGetToFileAPI
HttpGetWithHeaderAPI
HttpGetWithHeaderExAPI
HttpPostAPI
HttpPostWithHeaderAPI
HttpPostWithHeaderExAPI
HttpPutAPI
HttpPutWithHeaderAPI
HttpPutWithHeaderExAPI
InitCurl
Sections
.text Size: 320KB - Virtual size: 320KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 56KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ