Architecture | IMAGE_FILE_MACHINE_AMD64 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
Compilation Date | 2023-Feb-20 07:30:43 |
Detected languages | English - United States |
TLS Callbacks | 2 callback(s) detected. |
CompanyName | curl, https://curl.se/ |
FileDescription | The curl executable |
FileVersion | 7.88.1 |
InternalName | curl |
OriginalFilename | curl.exe |
ProductName | The curl executable |
ProductVersion | 7.88.1 |
LegalCopyright | © Daniel Stenberg, <daniel@haxx.se>. |
License | https://curl.se/docs/copyright.html |
Info | Interesting strings found in the binary: Contains domain names: |
Info | Cryptographic algorithms detected in the binary: Uses constants related to CRC32; Uses constants related to MD5; Uses constants related to SHA1; Uses constants related to SHA256; Uses constants related to SHA512; Uses constants related to AES; Uses constants related to Blowfish; Uses constants related to RC5 or RC6; Uses known Diffie-Hellman primes; Microsoft's Cryptography API |
Suspicious | The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports: |
Info | The PE is digitally signed. Signer: curl-for-win Code Signing Authority; Issuer: curl-for-win Root CA 2021 |
Suspicious | VirusTotal score: 1/72 (Scanned on 2024-03-25 22:34:31) | Bkav: W64.AIDetectMalware |
e_magic | MZ |
---|---|
e_cblp | 0x78 |
e_cp | 0x1 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0 |
e_ss | 0 |
e_sp | 0 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x78 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_AMD64 |
NumberofSections | 7 |
TimeDateStamp | 2023-Feb-20 07:30:43 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE; IMAGE_FILE_LARGE_ADDRESS_AWARE |
Magic | PE32+ |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0x3f3200 |
SizeOfInitializedData | 0x173c00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00000000000014D0 (Section: .text) |
BaseOfCode | 0x1000 |
ImageBase | 0x140000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.0 |
ImageVersion | 0.0 |
SubsystemVersion | 6.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x570000 |
SizeOfHeaders | 0x400 |
Checksum | 0x5764fe |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE; IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA; IMAGE_DLLCHARACTERISTICS_NX_COMPAT; IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
ADVAPI32.dll | CryptAcquireContextA CryptCreateHash CryptDestroyHash CryptGetHashParam CryptHashData CryptReleaseContext DeregisterEventSource RegisterEventSourceW ReportEventW |
---|---|
bcrypt.dll | BCryptGenRandom |
CRYPT32.dll | CertAddCertificateContextToStore CertCloseStore CertCreateCertificateChainEngine CertEnumCertificatesInStore CertFindCertificateInStore CertFindExtension CertFreeCertificateChain CertFreeCertificateChainEngine CertFreeCertificateContext CertGetCertificateChain CertGetEnhancedKeyUsage CertGetIntendedKeyUsage CertGetNameStringA CertOpenStore CertOpenSystemStoreA CryptDecodeObjectEx CryptQueryObject CryptStringToBinaryA PFXImportCertStore |
KERNEL32.dll | AcquireSRWLockExclusive AcquireSRWLockShared CancelIo CloseHandle CompareFileTime ConvertFiberToThread ConvertThreadToFiberEx CreateEventA CreateFiberEx CreateFileA CreateFileMappingA CreateToolhelp32Snapshot DeleteCriticalSection DeleteFiber EnterCriticalSection FindClose FindFirstFileW FindFirstVolumeW FindNextFileW FindNextVolumeW FindVolumeClose FormatMessageW FreeLibrary GetACP GetConsoleMode GetConsoleScreenBufferInfo GetCurrentProcessId GetCurrentThreadId GetDiskFreeSpaceExW GetEnvironmentVariableA GetEnvironmentVariableW GetFileInformationByHandle GetFileSizeEx GetFileTime GetFileType GetLastError GetModuleFileNameA GetModuleHandleA GetModuleHandleW GetOverlappedResult GetProcAddress GetStartupInfoA GetStdHandle GetSystemDirectoryA GetSystemInfo GetSystemTime GetSystemTimeAsFileTime GetTickCount GetTimeZoneInformation GetVersion GetVolumeInformationW InitializeCriticalSection InitializeCriticalSectionEx InitializeSRWLock LeaveCriticalSection LoadLibraryA MapViewOfFile Module32First Module32Next MoveFileExA MultiByteToWideChar PeekNamedPipe QueryPerformanceCounter QueryPerformanceFrequency ReadConsoleA ReadConsoleW ReadFile ReleaseSRWLockExclusive ReleaseSRWLockShared RtlVirtualUnwind SearchPathA SetConsoleCtrlHandler SetConsoleMode SetEndOfFile SetFilePointer SetFileTime SetHandleInformation SetLastError SetUnhandledExceptionFilter Sleep SleepEx SwitchToFiber SystemTimeToFileTime TlsAlloc TlsFree TlsGetValue TlsSetValue UnmapViewOfFile VerSetConditionMask VerifyVersionInfoW VirtualAlloc VirtualFree VirtualLock VirtualProtect VirtualQuery WaitForMultipleObjects WaitForSingleObjectEx WaitNamedPipeA WideCharToMultiByte WriteConsoleW WriteFile |
Normaliz.dll | IdnToAscii |
api-ms-win-crt-conio-l1-1-0.dll | _getch |
api-ms-win-crt-convert-l1-1-0.dll | atoi mbrtowc strtod strtol strtoll strtoul wcrtomb wcstombs |
api-ms-win-crt-environment-l1-1-0.dll | __p__environ __p__wenviron getenv |
api-ms-win-crt-filesystem-l1-1-0.dll | _fstat64 _stat64 _unlink _mkdir _access |
api-ms-win-crt-heap-l1-1-0.dll | _set_new_mode calloc free malloc realloc |
api-ms-win-crt-locale-l1-1-0.dll | localeconv setlocale |
api-ms-win-crt-math-l1-1-0.dll | __setusermatherr _fdopen |
api-ms-win-crt-private-l1-1-0.dll | __C_specific_handler memchr memcmp memcpy memmove strchr strrchr strstr wcsstr |
api-ms-win-crt-runtime-l1-1-0.dll | _set_app_type __p___argc __p___argv __p___wargv __p__acmdln __sys_errlist __sys_nerr _beginthreadex _cexit _configure_narrow_argv _configure_wide_argv _crt_at_quick_exit _crt_atexit _errno _exit _initialize_narrow_environment _initialize_wide_environment _initterm _set_errno _set_invalid_parameter_handler abort exit raise signal strerror |
api-ms-win-crt-stdio-l1-1-0.dll | __acrt_iob_func __p__commode __p__fmode __stdio_common_vfprintf __stdio_common_vfwprintf __stdio_common_vsprintf __stdio_common_vsscanf __stdio_common_vswprintf _fileno _get_osfhandle _lseeki64 _telli64 _wfopen _write fclose feof ferror fflush fgets fopen fputc fputs fread fseek ftell fwrite getc putchar puts rewind setvbuf _write _setmode _setmode _read _open _isatty _fileno _close |
api-ms-win-crt-string-l1-1-0.dll | isspace memset strcat strcmp strcpy strcspn strlen strncmp strncpy strpbrk strspn strtok tolower wcscpy wcslen _stricmp _strdup _strdup |
api-ms-win-crt-time-l1-1-0.dll | __daylight __timezone __tzname _difftime64 _gmtime64 _localtime64 _time64 _tzset strftime |
api-ms-win-crt-utility-l1-1-0.dll | qsort |
USER32.dll | FindWindowA GetProcessWindowStation GetUserObjectInformationW MessageBoxW SendMessageA |
WLDAP32.dll | ber_free ldap_bind_s ldap_err2string ldap_first_attribute ldap_first_entry ldap_get_dn ldap_get_values_len ldap_init ldap_memfree ldap_msgfree ldap_next_attribute ldap_next_entry ldap_search_s ldap_set_option ldap_simple_bind_s ldap_sslinit ldap_unbind_s ldap_value_free_len |
WS2_32.dll | WSACleanup WSACloseEvent WSACreateEvent WSAEnumNetworkEvents WSAEventSelect WSAGetLastError WSAIoctl WSAResetEvent WSASetEvent WSASetLastError WSAStartup WSAWaitForMultipleEvents __WSAFDIsSet accept bind closesocket connect freeaddrinfo getaddrinfo gethostbyaddr gethostbyname gethostname getpeername getservbyname getservbyport getsockname getsockopt htonl htons inet_addr inet_ntoa inet_ntop inet_pton ioctlsocket listen ntohs recv recvfrom select send sendto setsockopt shutdown socket |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 7.88.1.0 |
ProductVersion | 7.88.1.0 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32; VOS_NT_WINDOWS32; VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United States |
CompanyName | curl, https://curl.se/ |
FileDescription | The curl executable |
FileVersion (#2) | 7.88.1 |
InternalName | curl |
OriginalFilename | curl.exe |
ProductName | The curl executable |
ProductVersion (#2) | 7.88.1 |
LegalCopyright | © Daniel Stenberg, <daniel@haxx.se>. |
License | https://curl.se/docs/copyright.html |
Resource LangID | UNKNOWN |
---|---|
StartAddressOfRawData | 0x140562000 |
---|---|
EndAddressOfRawData | 0x140562008 |
AddressOfIndex | 0x14054363c |
AddressOfCallbacks | 0x140515ae8 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_ALIGN_8BYTES |
Callbacks | 0x0000000140032BB0; 0x0000000140032B80 |