7434b6086815266e3910d292a5e6b5aec8232891c0ca1aebbb52ad738b7ae43aN

Sharing

Copy URL Twitter E-mail

General

Target

7434b6086815266e3910d292a5e6b5aec8232891c0ca1aebbb52ad738b7ae43aN
Size

631KB
MD5

40b2028df8ae4eab8b017b46e35c4140
SHA1

92d734fad113dc2fec0c97e46e84e6a5afb4ee99
SHA256

7434b6086815266e3910d292a5e6b5aec8232891c0ca1aebbb52ad738b7ae43a
SHA512

281ccacf157dd93097b2a24d133324dac3e42f649666cb5b325f21c1e74556d40189e709041d47a4958f8406e87913706a959133196b88553786ee4f0058ea2f
SSDEEP

12288:PcvXIXMtsfzsCBaYKW35qapjublhHugtnqdwA:EXIVfBxwapjKlhOgewA

Score

1^/10

Malware Config

Signatures

Files

7434b6086815266e3910d292a5e6b5aec8232891c0ca1aebbb52ad738b7ae43aN
.dll windows:6 windows x64 arch:x64

b62fe72095f37ac757bddb6ada2c80ea

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:57:97:42:a9:53:ba:d9:0d:42:37:a3:f3:e3:8c:5e
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

04/05/2022, 00:00

Not After

04/05/2024, 23:59

Subject

SERIALNUMBER=2853894,CN=VMware\, Inc.,O=VMware\, Inc.,L=Palo Alto,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bf:07:98:c2:03:8a:e9:2f:23:68:9c:ca:a0:5e:1b:38:01:59:e4:63:a1:71:32:78:b5:2f:99:c2:77:a1:a0:b9
Signer

Actual PE Digest

bf:07:98:c2:03:8a:e9:2f:23:68:9c:ca:a0:5e:1b:38:01:59:e4:63:a1:71:32:78:b5:2f:99:c2:77:a1:a0:b9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\build\ob\bora-22746365\cayman_curl\build\release\win64_vc140\curl\build\curl\libcurl-vc15-x64-release-dll-ssl-dll-cares-static-zlib-static-ipv6-sspi-obj-lib\libcurl.pdb

Imports

libssl-3-x64

SSL_CIPHER_get_name
SSL_pending
SSL_CTX_set_cert_store
SSL_set_bio
SSL_CTX_set_ciphersuites
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_certificate_file
SSL_CTX_use_certificate_chain_file
SSL_CTX_get_cert_store
SSL_CTX_free
SSL_SESSION_free
SSL_set_session
SSL_get1_peer_certificate
SSL_get_peer_cert_chain
SSL_CTX_set_verify
SSL_CTX_new
SSL_CTX_use_PrivateKey
SSL_CTX_use_certificate
SSL_CTX_set_default_passwd_cb
SSL_CTX_set_default_passwd_cb_userdata
SSL_CTX_check_private_key
SSL_new
SSL_free
SSL_connect
SSL_read
SSL_write
SSL_ctrl
SSL_CTX_ctrl
SSL_get_error
SSL_get_version
TLS_client_method
SSL_shutdown
SSL_CTX_set_post_handshake_auth
SSL_CTX_set_cipher_list
SSL_alert_desc_string_long
SSL_CTX_add_client_CA
SSL_CTX_set_keylog_callback
SSL_set_connect_state
SSL_get_certificate
SSL_get_privatekey
SSL_get_shutdown
SSL_get_verify_result
SSL_set_ex_data
SSL_get_ex_data
SSL_get0_alpn_selected
OPENSSL_init_ssl
SSL_CTX_set_msg_callback
SSL_get_current_cipher
SSL_CTX_set_alpn_protos
SSL_CTX_sess_set_new_cb
SSL_CTX_set_options

libcrypto-3-x64

X509_NAME_get_index_by_NID
X509_NAME_print_ex
X509_get_pubkey
X509_get0_extensions
X509_get_X509_PUBKEY
X509_get0_notAfter
X509_get0_notBefore
X509_get_subject_name
X509_get_issuer_name
X509_get_serialNumber
X509_get_version
X509_INFO_free
X509_get0_signature
d2i_X509
X509_free
i2d_X509_PUBKEY
X509_ALGOR_get0
d2i_PrivateKey_bio
d2i_X509_bio
X509_verify_cert_error_string
X509_STORE_load_path
X509_STORE_load_file
X509_load_crl_file
X509_STORE_add_crl
X509_STORE_add_cert
X509_LOOKUP_file
X509_STORE_add_lookup
X509_STORE_set_flags
X509_STORE_up_ref
X509_STORE_free
RSA_flags
RSA_free
EVP_PKEY_get_bn_param
EVP_PKEY_copy_parameters
EVP_PKEY_free
EVP_PKEY_get1_RSA
EVP_PKEY_get_id
EVP_sha1
EVP_DigestInit
ASN1_STRING_print
ASN1_TIME_print
ASN1_STRING_to_UTF8
i2t_ASN1_OBJECT
i2a_ASN1_OBJECT
PEM_X509_INFO_read_bio
ASN1_STRING_type
ASN1_STRING_length
BN_print
BN_clear_free
BN_num_bits
BIO_meth_set_destroy
BIO_meth_set_create
BIO_meth_set_ctrl
BIO_meth_set_read
BIO_meth_set_write
BIO_meth_free
BIO_meth_new
BIO_printf
BIO_new_mem_buf
BIO_s_mem
BIO_ctrl
BIO_puts
BIO_get_shutdown
BIO_set_shutdown
BIO_set_init
X509_NAME_ENTRY_get_data
X509_NAME_get_entry
BIO_get_data
BIO_set_data
BIO_free
BIO_new
BIO_s_file
BIO_clear_flags
BIO_set_flags
CRYPTO_free
CRYPTO_malloc
OpenSSL_version
OPENSSL_sk_pop
OPENSSL_sk_pop_free
OPENSSL_sk_value
OPENSSL_sk_num
EVP_sha256
EVP_DigestFinal_ex
EVP_DigestUpdate
EVP_DigestInit_ex
EVP_MD_CTX_free
EVP_MD_CTX_new
MD5_Final
MD5_Update
MD5_Init
DES_set_key_unchecked
DES_set_odd_parity
DES_ecb_encrypt
PEM_read_bio_X509
X509_get_ext_d2i
PEM_write_bio_X509
PEM_read_bio_X509_AUX
PEM_read_bio_PrivateKey
RAND_bytes
RAND_status
GENERAL_NAMES_free
X509V3_EXT_print
X509_check_issued
ERR_get_error
ERR_peek_error
X509_EXTENSION_get_object
ENGINE_set_default
ENGINE_load_private_key
ENGINE_finish
ENGINE_init
ENGINE_get_id
ENGINE_free
ENGINE_ctrl_cmd
ENGINE_ctrl
ENGINE_by_id
ENGINE_get_next
ENGINE_get_first
UI_set_result
UI_get_input_flags
UI_get_string_type
UI_method_get_closer
X509_EXTENSION_get_data
UI_method_get_reader
UI_method_get_writer
UI_method_get_opener
UI_method_set_closer
UI_method_set_reader
UI_method_set_writer
UI_method_set_opener
UI_destroy_method
UI_create_method
UI_OpenSSL
UI_get0_user_data
OCSP_basic_verify
OCSP_crl_reason_str
X509_PUBKEY_get0_param
OCSP_cert_status_str
OCSP_response_status_str
OCSP_CERTID_free
d2i_OCSP_RESPONSE
OCSP_RESPONSE_free
OCSP_BASICRESP_free
OCSP_check_validity
OCSP_resp_find_status
OCSP_response_get1_basic
OCSP_response_status
OCSP_cert_to_id
d2i_PKCS12_bio
PKCS12_parse
PKCS12_PBE_add
PKCS12_free
ERR_error_string_n
ERR_clear_error
ASN1_STRING_get0_data
ERR_peek_last_error

ws2_32

bind
closesocket
connect
getpeername
getsockname
getsockopt
htons
send
setsockopt
socket
WSASetLastError
WSAGetLastError
WSAIoctl
gethostname
accept
listen
WSACloseEvent
WSACreateEvent
recv
ntohs
WSAEnumNetworkEvents
getservbyname
sendto
recvfrom
WSACleanup
WSAStartup
select
__WSAFDIsSet
htonl
ioctlsocket
WSAWaitForMultipleEvents
WSASetEvent
WSAResetEvent
WSAEventSelect
ntohl

wldap32

ord217
ord46
ord211
ord60
ord45
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord143
ord35
ord79
ord30
ord200
ord301

advapi32

RegQueryValueExA
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
SystemFunction036

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreA

normaliz

IdnToUnicode
IdnToAscii

iphlpapi

GetUnicastIpAddressTable
GetAdaptersAddresses
GetBestRoute2
FreeMibTable

bcrypt

BCryptGenRandom

kernel32

SleepEx
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
GetProcAddress
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetEnvironmentVariableA
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetCurrentThreadId
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetVersionExA
GetWindowsDirectoryA
ExpandEnvironmentStringsA
GetSystemTimeAsFileTime
CompareFileTime
VerifyVersionInfoW
VerSetConditionMask
GetTickCount
QueryPerformanceCounter
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
GetStdHandle
LoadLibraryA
GetModuleHandleA
GetSystemDirectoryA
QueryPerformanceFrequency
FormatMessageW
SetLastError
GetLastError
GetCurrentProcessId
MoveFileExA
Sleep

vcruntime140

memchr
memmove
strrchr
memcmp
memset
__C_specific_handler
memcpy
__std_type_info_destroy_list
strchr
strstr

api-ms-win-crt-string-l1-1-0

isupper
isdigit
strncat
isspace
strspn
isxdigit
strncmp
strcspn
_strdup
strpbrk
strncpy
_stricmp
tolower
_strnicmp
strcmp

api-ms-win-crt-stdio-l1-1-0

fgets
feof
__acrt_iob_func
_open
_close
fflush
_fileno
setvbuf
__stdio_common_vsscanf
fputs
fclose
fwrite
ftell
_read
__stdio_common_vsprintf
_lseeki64
fputc
fread
_fseeki64
ferror
fseek
fopen
_write

api-ms-win-crt-convert-l1-1-0

wcstombs
strtoul
atoi
strtol
strtoll

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64
strftime

api-ms-win-crt-runtime-l1-1-0

_initterm
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_execute_onexit_table
_cexit
_errno
__sys_errlist
_initterm_e
__sys_nerr

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-filesystem-l1-1-0

_stat64
_access
_fstat64
_unlink

api-ms-win-crt-heap-l1-1-0

free
malloc
realloc
calloc

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

_fdopen

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_header
curl_easy_init
curl_easy_nextheader
curl_easy_option_by_id
curl_easy_option_by_name
curl_easy_option_next
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_easy_upkeep
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_global_sslset
curl_global_trace
curl_maprintf
curl_mfprintf
curl_mime_addpart
curl_mime_data
curl_mime_data_cb
curl_mime_encoder
curl_mime_filedata
curl_mime_filename
curl_mime_free
curl_mime_headers
curl_mime_init
curl_mime_name
curl_mime_subparts
curl_mime_type
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_get_handles
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_poll
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_multi_wakeup
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_pushheader_byname
curl_pushheader_bynum
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_url
curl_url_cleanup
curl_url_dup
curl_url_get
curl_url_set
curl_url_strerror
curl_version
curl_version_info
curl_ws_meta
curl_ws_recv
curl_ws_send

Sections

.text
Size: 453KB - Virtual size: 452KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b62fe72095f37ac757bddb6ada2c80ea

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

08:57:97:42:a9:53:ba:d9:0d:42:37:a3:f3:e3:8c:5eCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

bf:07:98:c2:03:8a:e9:2f:23:68:9c:ca:a0:5e:1b:38:01:59:e4:63:a1:71:32:78:b5:2f:99:c2:77:a1:a0:b9Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libssl-3-x64

libcrypto-3-x64

ws2_32

wldap32

advapi32

crypt32

normaliz

iphlpapi

bcrypt

kernel32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 453KB - Virtual size: 452KB

.rdata Size: 128KB - Virtual size: 127KB

.data Size: 10KB - Virtual size: 11KB

.pdata Size: 25KB - Virtual size: 25KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

08:57:97:42:a9:53:ba:d9:0d:42:37:a3:f3:e3:8c:5e
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

bf:07:98:c2:03:8a:e9:2f:23:68:9c:ca:a0:5e:1b:38:01:59:e4:63:a1:71:32:78:b5:2f:99:c2:77:a1:a0:b9
Signer

.text
Size: 453KB - Virtual size: 452KB

.rdata
Size: 128KB - Virtual size: 127KB

.data
Size: 10KB - Virtual size: 11KB

.pdata
Size: 25KB - Virtual size: 25KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB