httpd_exe[.]zip

Resubmissions

14-02-2023 08:35

230214-khgz7sca74 1

14-02-2023 08:31

230214-kes83abd2x 6

Sharing

Copy URL

Twitter E-mail

General

Target

httpd_exe.zip
Size

12KB
MD5

3ab0722d2cc80f4f538bc84bf361b9bb
SHA1

1352b2ab28f5825b41f5c3adcef3818eaaedd44d
SHA256

c33e70ddba39aaadb7d3639c9586656a652b5b927151f78b1fa1e0bfe0b29d35
SHA512

bf53f3c5ae739824a26b845698762ce456caf73576cf63842de5af08d940edc77d121513d56fdcd608a04a9bb341f7b23b1380eca42d5567f7b350ce02562818
SSDEEP

192:NiSCWzzdPhK6riZQd0DznEH+nC7Q4DBCBlEOZl3jYMMwTr1WF/dDuinBeyQ7:NiSHzzdZsO0Dzo+nNCCXVYxWr1WFlBC7

Score

1^/10

Malware Config

Signatures

Files

httpd_exe.zip
.zip

Password: 12345#asdf
Device/HarddiskVolume5/Apache24/bin/httpd.exe
.exe windows x64

Password: 12345#asdf

c70370864bd343c006e59e1dca6b8f1e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

libhttpd

ap_open_stderr_log
ap_get_server_built
ap_default_loglevel
ap_prelinked_modules
ap_conftree
ap_document_root_check
ap_server_config_defines
ap_server_post_read_config
ap_server_pre_read_config
ap_config_generation
ap_run_mode
ap_main_state
ap_pglobal
ap_server_conf
ap_server_root
ap_server_argv0
ap_real_exit_code
ap_mpm_query
ap_run_mpm
ap_fini_vhost_config
ap_clear_auth_internal
ap_init_rng
ap_run_optional_fn_retrieve
ap_pool_cleanup_set_null
ap_log_error_
ap_replace_stderr_log
ap_run_open_logs
ap_run_post_config
ap_run_test_config
ap_run_check_config
ap_run_pre_config
ap_process_config_tree
ap_fixup_virtual_hosts
ap_register_hooks
ap_run_rewrite_args
ap_read_config
ap_show_mpm
ap_show_modules
ap_show_directives
ap_setup_prelinked_modules
ap_parse_log_level
ap_abort_on_oom
ap_get_server_description

libaprutil-1

apu_version_string
apr_hook_sort_all
apr_dynamic_fn_retrieve
apr_hook_deregister_all

libapr-1

apr_array_push
apr_array_make
apr_version_string
apr_ctime
apr_sleep
apr_time_now
apr_filepath_name_get
apr_getopt
apr_getopt_init
apr_app_initialize
apr_pstrdup
apr_pool_cleanup_null
apr_pool_pre_cleanup_register
apr_pool_cleanup_register
apr_pool_tag
apr_pool_parent_get
apr_pool_abort_set
apr_palloc
apr_pool_destroy
apr_pool_clear
apr_pool_create_ex
apr_terminate

vcruntime140

memset
__C_specific_handler

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_initialize_onexit_table
exit
_crt_atexit
terminate
_c_exit
_cexit
__p___argv
__p___argc
_seh_filter_exe
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
_set_app_type

api-ms-win-crt-stdio-l1-1-0

_open
_write
_setmode
_read
_lseek
_close
__stdio_common_vfprintf
fwrite
ftell
fseek
fread
fopen
_fileno
fflush
ferror
feof
fclose
clearerr
__acrt_iob_func
__p__commode
_set_fmode
fgets

api-ms-win-crt-string-l1-1-0

strcmp

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

kernel32

QueryPerformanceCounter
GetModuleHandleW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
RtlCaptureContext
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry

Exports

Exports

OPENSSL_Applink

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
manifest.json

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: 12345#asdf

Password: 12345#asdf

c70370864bd343c006e59e1dca6b8f1e

Headers

DLL Characteristics

File Characteristics

Imports

libhttpd

libaprutil-1

libapr-1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 504B

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 40B

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 504B

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 40B