9d785e07566b4324b2d143ab598ba9082695648d478d131be0805d401ad6cdc7

Sharing

Copy URL Twitter E-mail

General

Target

9d785e07566b4324b2d143ab598ba9082695648d478d131be0805d401ad6cdc7
Size

3.0MB
MD5

2c037bf2b85cf1b101b7ab580dacfa73
SHA1

2f047b6e1c45c7e410de306dac618915317d95c1
SHA256

9d785e07566b4324b2d143ab598ba9082695648d478d131be0805d401ad6cdc7
SHA512

27c0f28a27b1e8d075fd31097a8b7007d9125dabdd73b1bf129137728872f9ef46a7e803c5f35528c6e5703222cc0112917f682aeea958c8e767c87bd09fc873
SSDEEP

49152:y3f9eNsCVrVGZgaj4yTRgTbw7wJZYfEYPfPkiI4SN0y8r4sJbyttbGu5:aa8Z/jJgTrMEYnPkiOey88euEu5

Score

1^/10

Malware Config

Signatures

Files

9d785e07566b4324b2d143ab598ba9082695648d478d131be0805d401ad6cdc7
.dll windows:6 windows x64 arch:x64

f005c3f78e8420e502da59527e185b97

Code Sign

21:05:fc:25:c2:a4:7d:bd:fd:de:47:cc:23:77:50:00:1d:5b:5b:b2
Certificate

Issuer

CN=curl-for-win Root CA 2024

Not Before

31/03/2024, 22:02

Not After

31/03/2029, 22:02

Subject

CN=curl-for-win Root CA 2024

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3f:ce:36:e2:7d:57:32:82:a8:5f:00:c4:17:99:d6:70:39:63:34:cb
Certificate

Issuer

CN=curl-for-win Root CA 2024

Not Before

31/03/2024, 22:02

Not After

31/03/2027, 22:02

Subject

CN=curl-for-win Code Signing Authority

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:77:44:4a:41:de:d5:4f:24:77:81:5a:11:a7:71:8a:c5:f0:f9:05:3a:56:0e:6b:03:11:a9:e9:96:1a:93:12:98:b6:57:ec:e4:1a:46:77:52:2e:9b:74:e0:05:28:92:11:ea:b1:fd:9c:0c:73:0e:99:6d:26:53:30:b4:32:65
Signer

Actual PE Digest

04:77:44:4a:41:de:d5:4f:24:77:81:5a:11:a7:71:8a:c5:f0:f9:05:3a:56:0e:6b:03:11:a9:e9:96:1a:93:12:98:b6:57:ec:e4:1a:46:77:52:2e:9b:74:e0:05:28:92:11:ea:b1:fd:9c:0c:73:0e:99:6d:26:53:30:b4:32:65

Digest Algorithm

sha512

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

bcrypt

BCryptGenRandom

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreA

kernel32

AcquireSRWLockExclusive
CancelIo
CloseHandle
CompareFileTime
CreateEventA
CreateFileA
CreateFileMappingA
CreateMutexA
DeleteCriticalSection
EnterCriticalSection
FormatMessageW
FreeLibrary
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableA
GetFileAttributesA
GetFileType
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetOverlappedResult
GetProcAddress
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetTickCount64
GetTimeZoneInformation
InitOnceExecuteOnce
InitializeCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
LoadLibraryA
MapViewOfFile
MoveFileExA
MultiByteToWideChar
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
ReadFile
ReleaseMutex
ReleaseSRWLockExclusive
RtlVirtualUnwind
SetConsoleMode
SetEvent
SetHandleInformation
SetLastError
Sleep
SleepEx
TerminateProcess
TlsGetValue
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WaitNamedPipeA
WideCharToMultiByte
WriteFile

normaliz

IdnToAscii
IdnToUnicode

api-ms-win-crt-convert-l1-1-0

atoi
mbrtowc
strtol
strtoll
strtoul
strtoull
wcrtomb
wcstombs

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron
getenv

api-ms-win-crt-filesystem-l1-1-0

_findfirst64
_findclose
_findnext64
_fstat64
_fullpath
_lock_file
_stat64
_unlock_file
_unlink

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc
realloc

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-math-l1-1-0

_fdopen

api-ms-win-crt-private-l1-1-0

memchr
memcmp
memcpy
memmove
strchr
strrchr
strstr

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
__p___wargv
__sys_errlist
__sys_nerr
_beginthreadex
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_errno
_execute_onexit_table
_exit
_initialize_narrow_environment
_initialize_onexit_table
_initialize_wide_environment
_initterm
_register_onexit_function
abort
exit
strerror

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vfwprintf
__stdio_common_vsprintf
__stdio_common_vsscanf
__stdio_common_vswprintf
_fseeki64
_get_osfhandle
_lseeki64
_open
fclose
feof
ferror
fflush
fgets
fopen
fputc
fputs
fread
fseek
ftell
fwrite
getc
rewind
setvbuf
ungetc
_write
_write
_read
_open
_fileno
_fileno
_close

api-ms-win-crt-string-l1-1-0

_strnicmp
isalnum
isspace
isupper
isxdigit
mbrlen
memset
strcmp
strcpy
strcspn
strlen
strncmp
strncpy
strpbrk
strspn
tolower
wcslen
_stricmp
_strdup

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_difftime64
_gmtime64
_time64
_tzset
strftime

api-ms-win-crt-utility-l1-1-0

_byteswap_uint64
bsearch
qsort

user32

FindWindowA
SendMessageA

wldap32

ber_free
ldap_bind_s
ldap_err2string
ldap_first_attribute
ldap_first_entry
ldap_get_dn
ldap_get_values_len
ldap_init
ldap_memfree
ldap_msgfree
ldap_next_attribute
ldap_next_entry
ldap_search_s
ldap_set_option
ldap_simple_bind_s
ldap_sslinit
ldap_unbind_s
ldap_value_free_len

ws2_32

WSACleanup
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSAIoctl
WSAResetEvent
WSASetEvent
WSASetLastError
WSAStartup
WSAStringToAddressW
WSAWaitForMultipleEvents
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostname
getpeername
getsockname
getsockopt
htonl
htons
inet_ntop
inet_pton
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_header
curl_easy_init
curl_easy_nextheader
curl_easy_option_by_id
curl_easy_option_by_name
curl_easy_option_next
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_easy_upkeep
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_global_sslset
curl_global_trace
curl_maprintf
curl_mfprintf
curl_mime_addpart
curl_mime_data
curl_mime_data_cb
curl_mime_encoder
curl_mime_filedata
curl_mime_filename
curl_mime_free
curl_mime_headers
curl_mime_init
curl_mime_name
curl_mime_subparts
curl_mime_type
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_get_handles
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_poll
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_multi_waitfds
curl_multi_wakeup
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_pushheader_byname
curl_pushheader_bynum
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_url
curl_url_cleanup
curl_url_dup
curl_url_get
curl_url_set
curl_url_strerror
curl_version
curl_version_info
curl_ws_meta
curl_ws_recv
curl_ws_send

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 693KB - Virtual size: 693KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.note
Size: 512B - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f005c3f78e8420e502da59527e185b97

Code Sign

21:05:fc:25:c2:a4:7d:bd:fd:de:47:cc:23:77:50:00:1d:5b:5b:b2Certificate

Key Usages

3f:ce:36:e2:7d:57:32:82:a8:5f:00:c4:17:99:d6:70:39:63:34:cbCertificate

Extended Key Usages

Key Usages

04:77:44:4a:41:de:d5:4f:24:77:81:5a:11:a7:71:8a:c5:f0:f9:05:3a:56:0e:6b:03:11:a9:e9:96:1a:93:12:98:b6:57:ec:e4:1a:46:77:52:2e:9b:74:e0:05:28:92:11:ea:b1:fd:9c:0c:73:0e:99:6d:26:53:30:b4:32:65Signer

Headers

DLL Characteristics

File Characteristics

Imports

bcrypt

crypt32

kernel32

normaliz

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

user32

wldap32

ws2_32

Exports

Exports

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 693KB - Virtual size: 693KB

.buildid Size: 512B - Virtual size: 32B

.data Size: 42KB - Virtual size: 53KB

.pdata Size: 2KB - Virtual size: 1KB

.note Size: 512B - Virtual size: 364B

.rodata Size: 17KB - Virtual size: 17KB

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 21KB - Virtual size: 20KB

21:05:fc:25:c2:a4:7d:bd:fd:de:47:cc:23:77:50:00:1d:5b:5b:b2
Certificate

3f:ce:36:e2:7d:57:32:82:a8:5f:00:c4:17:99:d6:70:39:63:34:cb
Certificate

04:77:44:4a:41:de:d5:4f:24:77:81:5a:11:a7:71:8a:c5:f0:f9:05:3a:56:0e:6b:03:11:a9:e9:96:1a:93:12:98:b6:57:ec:e4:1a:46:77:52:2e:9b:74:e0:05:28:92:11:ea:b1:fd:9c:0c:73:0e:99:6d:26:53:30:b4:32:65
Signer

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 693KB - Virtual size: 693KB

.buildid
Size: 512B - Virtual size: 32B

.data
Size: 42KB - Virtual size: 53KB

.pdata
Size: 2KB - Virtual size: 1KB

.note
Size: 512B - Virtual size: 364B

.rodata
Size: 17KB - Virtual size: 17KB

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 21KB - Virtual size: 20KB