curses[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

curses.zip
Size

4.6MB
MD5

0b0ae523321f1c97530facecefe33a97
SHA1

30547d786a9794b223555b93811dbc954c42bc0c
SHA256

d5059997ab0744af8a62a171e8c79f97da9b354f4482c6e9175feabaca3cbae0
SHA512

c421ebca5d4e395d9789fcda0df2e76d1817c29becc57a9e139efcc068657b29551a80571b6d135a2a8dcabca8e6680838a991156ae67d4bdedd75ccc3ea686b
SSDEEP

98304:lbQskPsI129/bWvSG5hXkeBLBeLEhXZGBbKe8f3/bZIH5Au5XtHSf/Ljy6Sls:lsskBO/aKG5hUGeLEHGKHbs5TXtHa/Lp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/curses.exe

Files

curses.zip
.zip
curses.exe
.exe windows:6 windows x64 arch:x64

b9e053393c47c480d692ae999bc0a2a1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SleepConditionVariableSRW
SetEvent
InitializeSListHead
WakeAllConditionVariable
TryAcquireSRWLockExclusive
RtlVirtualUnwind
FindClose
FormatMessageW
LocalFree
SetEnvironmentVariableW
CopyFileExW
DeleteFileW
GetFileInformationByHandleEx
MoveFileExW
RemoveDirectoryW
GetCurrentProcess
DuplicateHandle
SetFileInformationByHandle
IsDebuggerPresent
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
TerminateProcess
RtlUnwindEx
PostQueuedCompletionStatus
CreateEventW
ReadFile
WaitForMultipleObjects
GetOverlappedResult
WaitForSingleObject
GetExitCodeProcess
CloseHandle
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetConsoleMode
SetConsoleMode
GetStdHandle
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
lstrlenW
SetHandleInformation
CreateEventA
WaitForMultipleObjectsEx
RtlPcToFileHeader
GetQueuedCompletionStatusEx
RaiseException
LoadLibraryExW
GetCurrentThreadId
CreateIoCompletionPort
SetFileCompletionNotificationModes
GetModuleHandleA
GetProcAddress
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
Sleep
TlsSetValue
HeapReAlloc
OutputDebugStringW
OutputDebugStringA
LCIDToLocaleName
GetUserDefaultUILanguage
FreeLibrary
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
HeapFree
HeapAlloc
GetProcessHeap
GetSystemInfo
GetModuleHandleW
LoadLibraryW
SwitchToThread
GetFileType
GetCurrentThread
MultiByteToWideChar
WriteConsoleW
SetLastError
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
ReleaseMutex
GetEnvironmentVariableW
RtlLookupFunctionEntry
GetTempPathW
GetModuleFileNameW
GetCommandLineW
CreateFileW
GetFileInformationByHandle
GetFullPathNameW
GetFinalPathNameByHandleW
FindNextFileW
CreateDirectoryW
FindFirstFileW
ReleaseSRWLockShared
AcquireSRWLockShared
RtlCaptureContext
GetCurrentDirectoryW
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
CancelIo
ExitProcess
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
TlsFree

oleaut32

GetErrorInfo
SysStringLen
SysFreeString
SysAllocStringLen
SetErrorInfo

user32

GetMessageA
DispatchMessageA
GetActiveWindow
SendMessageW
SetMenu
AppendMenuW
CreateMenu
GetCursorPos
RegisterHotKey
UnregisterHotKey
PostMessageW
ShowCursor
ClipCursor
GetClipCursor
SystemParametersInfoA
PostQuitMessage
FlashWindowEx
ShowWindow
SetWindowLongW
GetSystemMenu
GetWindowLongPtrW
ToUnicodeEx
GetKeyboardLayout
SetMenuItemInfoW
DestroyIcon
GetDC
CreateIcon
VkKeyScanW
RegisterClassExW
MessageBoxA
MapVirtualKeyExW
GetMenu
GetKeyState
ClientToScreen
AdjustWindowRectEx
RegisterWindowMessageA
CheckMenuItem
RedrawWindow
MonitorFromWindow
GetWindowRect
IsWindowVisible
IsIconic
SetWindowTextW
GetAsyncKeyState
DestroyAcceleratorTable
GetKeyboardState
EnableMenuItem
ReleaseCapture
MonitorFromPoint
EnumChildWindows
GetClientRect
RegisterTouchWindow
GetSystemMetrics
IsWindow
InvalidateRgn
SetWindowPlacement
ChangeDisplaySettingsExW
GetUpdateRect
ValidateRect
GetRawInputData
GetMonitorInfoW
CreateAcceleratorTableW
SetWindowPos
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
DestroyWindow
TrackMouseEvent
SetCapture
MonitorFromRect
GetWindowPlacement
GetWindowLongW
IsProcessDPIAware
DefWindowProcW
TranslateAcceleratorW
GetAncestor
RegisterRawInputDevices
SetWindowLongPtrW
CreateWindowExW
MsgWaitForMultipleObjectsEx
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
PostThreadMessageW
GetForegroundWindow
SetForegroundWindow
SetCursor
LoadCursorW
SetCursorPos
GetWindowTextW
SetWindowDisplayAffinity
EnumDisplayMonitors
GetWindowTextLengthW
SendInput
MapVirtualKeyW

ole32

PropVariantClear
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoInitialize
RegisterDragDrop
OleInitialize
CoCreateInstance
RevokeDragDrop
CreateStreamOnHGlobal
CoTaskMemAlloc

ws2_32

bind
listen
WSAGetLastError
accept
WSASocketW
closesocket
getsockname
getpeername
ioctlsocket
WSAIoctl
WSASend
send
recv
connect
getsockopt
shutdown
sendto
getaddrinfo
freeaddrinfo
WSAStartup
setsockopt
WSACleanup

bcrypt

BCryptGenRandom

comctl32

TaskDialogIndirect
RemoveWindowSubclass
SetWindowSubclass
DefSubclassProc

shell32

SHCreateItemFromParsingName
SHAppBarMessage
ShellExecuteW
SHGetKnownFolderPath
DragQueryFileW
DragFinish

gdi32

DeleteObject
CreateRectRgn
GetDeviceCaps

dwmapi

DwmExtendFrameIntoClientArea
DwmEnableBlurBehindWindow

crypt32

CertCloseStore
CertOpenStore
CertAddCertificateContextToStore
CertDuplicateStore
CertEnumCertificatesInStore
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateContext
CertDuplicateCertificateContext
CertDuplicateCertificateChain

iphlpapi

GetIpForwardTable
GetAdaptersAddresses

ntdll

RtlNtStatusToDosError
NtDeviceIoControlFile
NtCreateFile
NtReadFile
NtWriteFile
NtCancelIoFileEx

advapi32

EventUnregister
SystemFunction036
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegGetValueW
EventRegister
EventSetInformation
EventWriteTransfer

secur32

InitializeSecurityContextW
AcquireCredentialsHandleA
AcceptSecurityContext
FreeCredentialsHandle
FreeContextBuffer
EncryptMessage
ApplyControlToken
DecryptMessage
QueryContextAttributesW
DeleteSecurityContext

uxtheme

SetWindowTheme

api-ms-win-crt-math-l1-1-0

round
floor
trunc
sinf
__setusermatherr
exp2f
exp2
floorf
expf
pow
cosf
powf
atanf

api-ms-win-crt-string-l1-1-0

wcsncmp
_wcsicmp
strcpy_s
wcslen

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-runtime-l1-1-0

_exit
exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_register_onexit_function
abort
_set_app_type
_seh_filter_exe
terminate
__p___argc
_cexit
_crt_atexit
_c_exit
__p___argv

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc
_callnewh

Sections

.text
Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 296KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b9e053393c47c480d692ae999bc0a2a1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

oleaut32

user32

ole32

ws2_32

bcrypt

comctl32

shell32

gdi32

dwmapi

crypt32

iphlpapi

ntdll

advapi32

secur32

uxtheme

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 6.9MB - Virtual size: 6.9MB

.rdata Size: 3.3MB - Virtual size: 3.3MB

.data Size: 1KB - Virtual size: 39KB

.pdata Size: 296KB - Virtual size: 296KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 32KB - Virtual size: 31KB

.reloc Size: 36KB - Virtual size: 36KB

.text
Size: 6.9MB - Virtual size: 6.9MB

.rdata
Size: 3.3MB - Virtual size: 3.3MB

.data
Size: 1KB - Virtual size: 39KB

.pdata
Size: 296KB - Virtual size: 296KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 32KB - Virtual size: 31KB

.reloc
Size: 36KB - Virtual size: 36KB