36d9b7e622c44c92008073e03c3bbe9928c56d828c59d9775d14377cf7172f93

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2026-May-02 23:28:34
Detected languages English - United States
TLS Callbacks 1 callback(s) detected.
CompanyName curl, https://curl.se/
FileDescription The curl executable
FileVersion 8.20.0
InternalName curl
OriginalFilename curl.exe
ProductName The curl executable
ProductVersion 8.20.0
LegalCopyright Copyright (C) Daniel Stenberg, <daniel@haxx.se>.
License https://curl.se/docs/copyright.html

Plugin Output

Suspicious PEiD Signature: UPX -> www.upx.sourceforge.net
Info Interesting strings found in the binary: Contains domain names:
  • https://curl.se
Suspicious The PE is packed with UPX
Unusual section name found: UPX0
Section UPX0 is both writable and executable.
Unusual section name found: UPX1
Section UPX1 is both writable and executable.
Suspicious The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Leverages the raw socket API to access the Internet:
  • bind
Suspicious The file contains overlay data. 14 bytes of data starting at offset 0x224800.
Malicious VirusTotal score: 9/70 (Scanned on 2026-06-19 16:11:22)
APEX: Malicious
Bkav: W32.Malware.8DF54705
CrowdStrike: win/malicious_confidence_70% (W)
Cylance: Unsafe
DeepInstinct: MALICIOUS
MaxSecure: Trojan.Malware.300983.susgen
Paloalto: generic.ml
Trapmine: malicious.moderate.ml.score
TrendMicro-HouseCall: Trojan.Win32.Gen.TL0101EF26Y7

Hashes

MD5 12ac0e836005a77a63668a7b5f92eb59
SHA1 fee7fc98d858857a43916945fffbdba81542a9a1
SHA256 36d9b7e622c44c92008073e03c3bbe9928c56d828c59d9775d14377cf7172f93
SHA3 afa1c5b9e4f1d48404ec128205f258498b3c745e73b5325170118e60003b387a
SSDeep 49152:lU4ML1rJXKKTKIQzhiYNYW9cZnUK21aNoh+sYH5Ipspl5GYu:lmpv169InUK3yOZIpspLGYu
Imports Hash e2c6636a3a2d944a07a28458b1b30207

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2026-May-02 23:28:34
PointerToSymbolTable 0x5d9000
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 2.0
SizeOfCode 0x224000
SizeOfInitializedData 0x1000
SizeOfUninitializedData 0x3d3000
AddressOfEntryPoint 0x005F7310 (Section: UPX1)
BaseOfCode 0x3d4000
BaseOfData 0x5f8000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 1.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x5f9000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

UPX0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x3d3000
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1

MD5 976e0565716303de5a5f7c6cdd42d417
SHA1 acdaea06ba1739fcdeb7ab602536242cf14d4107
SHA256 78b79122bcbbde39120aff8ebec60bb73d9ac0ae0046ee3aaa4b098bfa753b59
SHA3 0a84b34c04de358f167a5b06f763acf4996b4786500aa2e5c89856648468dbc2
VirtualSize 0x224000
VirtualAddress 0x3d4000
SizeOfRawData 0x224000
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.99991

.rsrc

MD5 f6048d2a0aabb0699d672035f832d526
SHA1 138b3d66e182ed1167d0ceb1903f504510d02194
SHA256 01f0285332d1441b03c5f9093dc1a6bf6faaad04af6f2e4dc66e6ffc0a740a0b
SHA3 27751a30c97a8a11b3686f03bb20718082965313b4c637fb87f3eb097fdbd993
VirtualSize 0x1000
VirtualAddress 0x5f8000
SizeOfRawData 0x600
PointerToRawData 0x224200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.56985

Imports

ADVAPI32.dll ReportEventW
CRYPT32.dll CertCloseStore
KERNEL32.DLL LoadLibraryA
ExitProcess
GetProcAddress
VirtualProtect
msvcrt.dll atoi
USER32.dll MessageBoxW
wldap32.dll ber_free
WS2_32.dll bind

Delayed Imports

1

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x378
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.40044
MD5 f64011c766988f286b6b4397c0f21859
SHA1 2d4c1277d1cf29d2af25e2feb2d09ea6d0ba231c
SHA256 0f7985c2cfeb07f86627d8a065abfaab3210ba4e8b858c3a0f83b089b78d39f8
SHA3 7d7faf074e7501932bb08e4bfa6f42658bb14c194b17fa3e79cdeeb5de8af33a

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 8.20.0.0
ProductVersion 8.20.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName curl, https://curl.se/
FileDescription The curl executable
FileVersion (#2) 8.20.0
InternalName curl
OriginalFilename curl.exe
ProductName The curl executable
ProductVersion (#2) 8.20.0
LegalCopyright Copyright (C) Daniel Stenberg, <daniel@haxx.se>.
License https://curl.se/docs/copyright.html
Resource LangID UNKNOWN

TLS Callbacks

StartAddressOfRawData 0x9f7fe8
EndAddressOfRawData 0x9f7fec
AddressOfIndex 0x9b8a20
AddressOfCallbacks 0x9f7fec
SizeOfZeroFill 0
Characteristics IMAGE_SCN_TYPE_REG
Callbacks 0x009F7FAE

Load Configuration

RICH Header

Errors

[*] Warning: Section UPX0 has a size of 0!