home

curl.exe

The cURL executable

Stefan Kanthak

This is a setup program which is used to install the application. The file has been seen being downloaded from doc-10-2o-docs.googleusercontent.com.
Publisher:
cURL, https://curl.haxx.se/  (signed by Stefan Kanthak)

Product:
The cURL executable

Version:
7.50.3

MD5:
e2dfcf637914676f16d212a5cf6813aa

SHA-1:
fbfee0f72fea7a0f3f49426f30888a29a6141c47

SHA-256:
f1f8fe4b1ad256299e1f1bc978d22ea922f9ce827dce809a17495d355c0ad806

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 8:22:40 PM UTC  (today)

File size:
837.1 KB (857,160 bytes)

Product version:
7.50.3

Copyright:
© 1996 - 2016 Daniel Stenberg, <daniel@haxx.se>.

Original file name:
curl.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\curl-7.50.3\amd64\curl.exe

Digital Signature
Signed by:
Stefan Kanthak

Authority:
1&1 Mail & Media GmbH

Valid from:
9/14/2016 3:14:26 PM

Valid to:
9/14/2017 3:14:26 PM

Subject:
E=stefan.kanthak@web.de, CN=Stefan Kanthak, L=München, C=DE

Issuer:
E=trust@web.de, CN=WEB.DE TrustCenter E-Mail Certification Authority, OU=Trust Center, O=1&1 Mail & Media GmbH, L=D-76135 Karlsruhe, S=Baden-Wuerttemberg, C=DE

Serial number:
04638DAF

File PE Metadata
Compilation timestamp:
9/14/2016 3:01:04 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
8.0

CTPH (ssdeep):
24576:vFasPy5jYhtXTSZyqaFN8ij/cpTDc65COJWBAVf:2VYhhEdTJ

Entry address:
0x63AE0

Entry point:
48, 83, EC, 38, 48, 89, 5C, 24, 50, 48, 89, 7C, 24, 58, FF, 15, 64, 08, 01, 00, 48, 8B, C8, 33, D2, 41, B8, 94, 00, 00, 00, FF, 15, F3, 07, 01, 00, 48, 8B, D8, 48, 85, C0, 75, 0A, B8, FF, 00, 00, 00, E9, 32, 02, 00, 00, C7, 00, 94, 00, 00, 00, 48, 8B, C8, FF, 15, 7A, 07, 01, 00, 85, C0, 75, 1E, FF, 15, 28, 08, 01, 00, 48, 8B, C8, 4C, 8B, C3, 33, D2, FF, 15, C2, 07, 01, 00, B8, FF, 00, 00, 00, E9, 01, 02, 00, 00, 8B, 43, 10, 89, 05, DB, 32, 06, 00, 8B, 43, 04, 89, 05, DE, 32, 06, 00, 8B, 43, 08, 89, 05, D9...
 
[+]

Code size:
458.5 KB (469,504 bytes)

The file curl.exe has been seen being distributed by the following URL.

https://doc-10-2o-docs.googleusercontent.com/docs/securesc/snvq9krb3dc9as3d47tgqp5sonj5rvj6/afpgmv8t3udbjvlooftdbhgghugine63/1477864800000/01334879206961207239/.../0B9Y1hM8iB6ihdWEwZUtoRDFKVVE?e=download

Scan curl.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.