Curport[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Curport.zip
Size

8.5MB
MD5

22181e9748108caccf0a56a625f46d1c
SHA1

2a14bc6907cd3903372457c60b2d02c989beb2f8
SHA256

b9d49ed3355f6605efa7141fc87d3641fd9c3f9d5735105e78655ea3530c33e1
SHA512

d6bbf820ad00073b165cd29568518130c8a1bf6538bc979525acb4ab9f7d9122c2ac752f0d8e08806c9ed8fcd887d273f972a69bcb3400dd3337b98974502867
SSDEEP

196608:Mxcj4KPwh+em9pfyjznk9maqlCfIBG90NJgS+wabb3gYZh:M+j4wA+9bfIEmaqIE+hvT

Score

10^/10

pyinstaller upx

Malware Config

Signatures

Nirsoft 2 IoCs

resource	yara_rule
static1/unpack001/Curport/file/x64/cports.exe	Nirsoft
static1/unpack003/out.upx	Nirsoft

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Curport/file/x86/cports.exe	upx

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
static1/unpack001/Curport/Curport.exe	pyinstaller

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Curport/Curport.exe
unpack001/Curport/file/x64/cports.exe
unpack001/Curport/file/x86/cports.exe
unpack003/out.upx

Files

Curport.zip
.zip
Curport/Curport.exe
.exe windows:5 windows x64 arch:x64

1af6c885af093afc55142c2f1761dbe8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

CreateWindowExW
MessageBoxW
MessageBoxA
SystemParametersInfoW
DestroyIcon
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetDialogBaseUnits
EndDialog
DialogBoxIndirectParamW
MoveWindow
SendMessageW

comctl32

ord380

kernel32

IsValidCodePage
GetStringTypeW
GetFileAttributesExW
HeapReAlloc
FlushFileBuffers
GetCurrentDirectoryW
GetACP
GetOEMCP
GetModuleHandleW
MulDiv
GetLastError
SetDllDirectoryW
GetModuleFileNameW
CreateSymbolicLinkW
GetProcAddress
GetCommandLineW
GetEnvironmentVariableW
GetCPInfo
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
FindClose
FindFirstFileExW
CloseHandle
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW
SetEndOfFile
SetEnvironmentVariableW
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
SetStdHandle
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW

advapi32

OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

gdi32

SelectObject
DeleteObject
CreateFontIndirectW

Sections

.text
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
autorun_p.pyc
Curport/file/x64/cports.chm
.chm
Curport/file/x64/cports.exe
.exe windows:4 windows x64 arch:x64

4a500d95863d8dfb74eacddfef98e0bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\Projects\VS2005\cports\x64\Release\cports.pdb

Imports

msvcrt

__set_app_type
_acmdln
_fmode
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
qsort
_strlwr
_itoa
_atoi64
memmove
_mbsicmp
_mbscmp
strrchr
strcmp
malloc
strtoul
free
modf
_stricmp
_mbschr
_commode
__setusermatherr
_initterm
exit
__getmainargs
_mbsrchr
_memicmp
_purecall
strlen
_ultoa
memcpy
memcmp
strncmp
atoi
_strcmpi
strchr
sprintf
strcpy
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memset
_mbsnbcat
_snprintf
strcat
fopen
fread
fprintf
ferror
ftell
fclose
_errno

ws2_32

inet_addr
WSAGetLastError
htons
connect
getservbyport
WSAStartup
WSACleanup
WSAAsyncSelect
gethostbyaddr
closesocket
WSASetLastError

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

comctl32

ord6
ImageList_Add
ImageList_ReplaceIcon
ord17
ImageList_AddMasked
ImageList_Create
ImageList_SetImageCount
CreateToolbarEx

kernel32

GlobalAlloc
GetStartupInfoA
TerminateProcess
CreateFileA
GetProcessHeap
GetCurrentThread
HeapFree
UnmapViewOfFile
MapViewOfFile
DuplicateHandle
DeviceIoControl
CreateEventA
GetThreadSelectorEntry
CreateThread
ResumeThread
ReadProcessMemory
GetCurrentProcess
ExitProcess
GetCurrentProcessId
Sleep
DeleteFileA
WinExec
GetStdHandle
GetPrivateProfileStringA
GetPrivateProfileIntA
EnumResourceNamesA
WritePrivateProfileStringA
GetLocaleInfoA
GetLastError
GetVersionExA
FindFirstFileA
GlobalLock
FindResourceA
GetTimeFormatA
GlobalUnlock
SetFilePointer
LockResource
GetFileAttributesA
GetModuleHandleA
GetTickCount
GetSystemTimeAsFileTime
OpenProcess
WideCharToMultiByte
CloseHandle
CompareFileTime
FileTimeToLocalFileTime
GetProcAddress
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetFileSize
FileTimeToSystemTime
FreeLibrary
LoadLibraryA
GetTempPathA
GetNumberFormatA
LocalFree
FormatMessageA
GetModuleFileNameA
FindNextFileA
LoadResource
GetWindowsDirectoryA
lstrcpyA
ReadFile
GetTempFileNameA
GetDateFormatA
GetSystemDirectoryA
FindClose
WriteFile
LoadLibraryExA
lstrlenA

user32

EmptyClipboard
SetForegroundWindow
GetMessageA
PostMessageA
RemoveMenu
MessageBeep
SetTimer
DispatchMessageA
WindowFromPoint
ReleaseCapture
PostQuitMessage
TrackPopupMenu
RegisterWindowMessageA
InsertMenuA
MonitorFromWindow
GetMonitorInfoA
UpdateWindow
DrawTextExA
SetCapture
KillTimer
IsDialogMessageA
TranslateMessage
SetWindowPlacement
CreatePopupMenu
SetMenuItemInfoA
GetKeyState
GetMenuItemInfoA
DestroyWindow
ShowWindow
EnumChildWindows
ChildWindowFromPoint
ReleaseDC
GetDC
GetSysColorBrush
LoadCursorA
SetWindowPos
GetWindowPlacement
GetSystemMetrics
BeginPaint
GetWindow
GetWindowTextLengthA
GetClientRect
SetDlgItemTextA
DrawFrameControl
GetDlgItemTextA
SetWindowTextA
DeferWindowPos
SendDlgItemMessageA
GetWindowRect
GetDlgItemInt
EndDialog
GetDlgItem
EndPaint
CreateWindowExA
InvalidateRect
SetDlgItemInt
SetMenu
LoadAcceleratorsA
DefWindowProcA
TranslateAcceleratorA
MessageBoxA
RegisterClassA
GetWindowTextA
LoadIconA
FindWindowA
IsWindowVisible
EnumWindows
GetWindowThreadProcessId
SendMessageA
GetWindowLongA
SetWindowLongA
DestroyIcon
LoadImageA
GetSysColor
BeginDeferWindowPos
EndDeferWindowPos
SetFocus
GetMenuStringA
SetClipboardData
EnableWindow
CheckMenuRadioItem
MapWindowPoints
GetCursorPos
MoveWindow
GetMenu
OpenClipboard
InsertMenuItemA
CheckMenuItem
SetCursor
EnableMenuItem
GetParent
GetMenuItemCount
GetSubMenu
GetClassNameA
CloseClipboard
LoadMenuA
ModifyMenuA
LoadStringA
DialogBoxParamA
GetDlgCtrlID
DestroyMenu
CreateDialogParamA

gdi32

GetStockObject
GetTextExtentPoint32A
SetBkColor
CreateCompatibleBitmap
SetStretchBltMode
StretchBlt
SetPixel
SelectObject
CreateCompatibleDC
GetPixel
GetObjectA
DeleteDC
SetBkMode
DeleteObject
SetTextColor
GetDeviceCaps
CreateFontIndirectA

comdlg32

GetSaveFileNameA
FindTextA
ChooseFontA

advapi32

RegDeleteKeyA

shell32

ExtractIconExA
ShellExecuteExA
ShellExecuteA
SHGetFileInfoA
Shell_NotifyIconA

Sections

.text
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Curport/file/x86/cports.chm
.chm
Curport/file/x86/cports.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 112KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1af6c885af093afc55142c2f1761dbe8

Headers

DLL Characteristics

File Characteristics

Imports

user32

comctl32

kernel32

advapi32

gdi32

Sections

.text Size: 167KB - Virtual size: 167KB

.rdata Size: 75KB - Virtual size: 75KB

.data Size: 3KB - Virtual size: 12KB

.pdata Size: 9KB - Virtual size: 8KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 101KB - Virtual size: 100KB

.reloc Size: 2KB - Virtual size: 1KB

4a500d95863d8dfb74eacddfef98e0bb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ws2_32

version

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 152KB - Virtual size: 151KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 3KB - Virtual size: 18KB

.pdata Size: 5KB - Virtual size: 5KB

.rsrc Size: 23KB - Virtual size: 23KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 112KB

UPX1 Size: 72KB - Virtual size: 72KB

.rsrc Size: 5KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 106KB - Virtual size: 106KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 2KB - Virtual size: 16KB

.rsrc Size: 23KB - Virtual size: 23KB

.text
Size: 167KB - Virtual size: 167KB

.rdata
Size: 75KB - Virtual size: 75KB

.data
Size: 3KB - Virtual size: 12KB

.pdata
Size: 9KB - Virtual size: 8KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 101KB - Virtual size: 100KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 152KB - Virtual size: 151KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 3KB - Virtual size: 18KB

.pdata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 23KB - Virtual size: 23KB

UPX0
Size: - Virtual size: 112KB

UPX1
Size: 72KB - Virtual size: 72KB

.rsrc
Size: 5KB - Virtual size: 8KB

.text
Size: 106KB - Virtual size: 106KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 2KB - Virtual size: 16KB

.rsrc
Size: 23KB - Virtual size: 23KB