E:\工具\免杀\免杀思路\libcurl\Release\libcurl.pdb
Behavioral task
behavioral1
Sample
5327aaa8ae666d71d5e05932d348b7c78a2cc5abb927a1036f90a444d06ab509.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
5327aaa8ae666d71d5e05932d348b7c78a2cc5abb927a1036f90a444d06ab509.dll
Resource
win10v2004-20240412-en
General
-
Target
5327aaa8ae666d71d5e05932d348b7c78a2cc5abb927a1036f90a444d06ab509
-
Size
12KB
-
MD5
e409740ca973a2374a137b62622261f2
-
SHA1
fbd8b7950064d2424e42b5293c7658ce14eac713
-
SHA256
5327aaa8ae666d71d5e05932d348b7c78a2cc5abb927a1036f90a444d06ab509
-
SHA512
17e916132794bbf465281b59e7ba39f5cdf663496cda37b90faeca2c2729fc28326f07d52b7bb0fc33f91cf0279821c542cbcac5347b2b0f8db3072943cf4b9b
-
SSDEEP
192:izTyH59ZEOGECXOh7nsrdnD1QW6jOMeS09iL03DyIjJRtdt:izTyH2PSsrt18jxlIWIPtn
Malware Config
Extracted
cobaltstrike
http://192.168.132.130:12345/3vhL
-
user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Signatures
-
Cobaltstrike family
-
Unsigned PE — 1 IoC
Checks for missing Authenticode signature.
Processes:
resource 5327aaa8ae666d71d5e05932d348b7c78a2cc5abb927a1036f90a444d06ab509
Files
-
5327aaa8ae666d71d5e05932d348b7c78a2cc5abb927a1036f90a444d06ab509.dll windows:6 windows x86 arch:x86
de2872d71a84c81deab0a4c4335a3ec7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
WriteProcessMemory
GetCurrentProcess
VirtualAlloc
TerminateProcess
ResumeThread
CloseHandle
GetThreadContext
VirtualAllocEx
CreateProcessA
SetThreadContext
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
vcruntime140
memset
_except_handler4_common
__std_type_info_destroy_list
api-ms-win-crt-runtime-l1-1-0
_initterm
_cexit
_execute_onexit_table
_initialize_onexit_table
_configure_narrow_argv
_initialize_narrow_environment
_seh_filter_dll
_initterm_e
Exports
Exports
curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_option_by_id
curl_easy_option_by_name
curl_easy_option_next
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_easy_upkeep
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_global_sslset
curl_maprintf
curl_mfprintf
curl_mime_addpart
curl_mime_data
curl_mime_data_cb
curl_mime_encoder
curl_mime_filedata
curl_mime_filename
curl_mime_free
curl_mime_headers
curl_mime_init
curl_mime_name
curl_mime_subparts
curl_mime_type
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_poll
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_multi_wakeup
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_pushheader_byname
curl_pushheader_bynum
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_url
curl_url_cleanup
curl_url_dup
curl_url_get
curl_url_set
curl_version
curl_version_info
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 912B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 248B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 344B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ