httpd[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

httpd.exe
Size

1.2MB
MD5

40a2dfee3dfe9c9d05cf2e7394ef5594
SHA1

8a445bb8f32f824c81b2835ca3a332fa809b9b48
SHA256

dab4f137540205ff89a928513c4f9d1bdd07685d866a6bba0b7a428ec8cf4e24
SHA512

230b8de5afcfe03946d094634266c9c3d429c6bb74e754ef6e3e84157753c276b9fa3d0e67088e24c1b8111efba2f5ba99fef43295d72985385517d915a01014
SSDEEP

24576:wTJvQQT3bClV84yOVsNhCSw8LxLRyG0anQBECoXLStrDsJ:HQT3bCEl4auECFN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
httpd.exe

Files

httpd.exe
.exe windows x86

6967b121dcf0372b9f8a1656ab595d47

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

advapi32

CreateProcessAsUserA
GetUserNameA
LogonUserA
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

kernel32

AllocConsole
CloseHandle
CopyFileA
CreateFileA
CreateFileMappingA
CreateFileW
CreateMutexA
CreateProcessA
CreateThread
DeleteCriticalSection
DeleteFileA
DosDateTimeToFileTime
DuplicateHandle
EnterCriticalSection
ExitProcess
ExitThread
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FreeConsole
FreeEnvironmentStringsA
FreeLibrary
FreeResource
GenerateConsoleCtrlEvent
GetACP
GetCPInfo
GetCommandLineA
GetComputerNameA
GetConsoleScreenBufferInfo
GetConsoleTitleA
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatA
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentVariableA
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetFileTime
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetLogicalDrives
GetModuleFileNameA
GetModuleHandleA
GetPriorityClass
GetProcAddress
GetShortPathNameA
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetSystemDefaultLangID
GetSystemInfo
GetSystemTime
GetTempPathA
GetTimeZoneInformation
GetUserDefaultLangID
GetVersion
GetVersionExA
GetVolumeInformationA
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatus
GlobalUnlock
InitializeCriticalSection
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadResource
LocalAlloc
LocalFileTimeToFileTime
LocalFree
LocalHandle
LocalLock
LocalReAlloc
LocalUnlock
LockResource
MapViewOfFile
MoveFileA
MulDiv
MultiByteToWideChar
OpenEventA
OpenMutexA
OpenProcess
RaiseException
ReadConsoleOutputCharacterA
ReadFile
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryA
ResumeThread
RtlUnwind
SetConsoleActiveScreenBuffer
SetConsoleCtrlHandler
SetConsoleCursorPosition
SetConsoleTitleA
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
SetHandleCount
SetThreadPriority
Sleep
SuspendThread
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualQuery
WaitForMultipleObjectsEx
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteConsoleOutputCharacterA
WriteFile
_lclose
_lcreat
_llseek
_lopen
_lread
_lwrite
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wsock32

WSACancelBlockingCall
WSACleanup
WSAGetLastError
WSAStartup
accept
closesocket
connect
gethostbyaddr
gethostbyname
gethostname
getsockname
htons
inet_addr
inet_ntoa
listen
ntohl
ntohs
recv
select
send
shutdown
socket
bind

comdlg32

CommDlgExtendedError
FindTextA
GetOpenFileNameA
ReplaceTextA
GetSaveFileNameA

gdi32

BitBlt
CombineRgn
CopyEnhMetaFileA
CopyMetaFileA
CreateBitmap
CreateBitmapIndirect
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreateDIBPatternBrush
CreateDIBitmap
CreateDiscardableBitmap
CreateEllipticRgnIndirect
CreateFontA
CreateFontIndirectA
CreateHatchBrush
CreateICA
CreatePalette
CreatePatternBrush
CreatePolyPolygonRgn
CreatePolygonRgn
CreateRectRgn
CreateRectRgnIndirect
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteMetaFile
DeleteObject
ExtTextOutA
GetClipRgn
GetCurrentObject
GetDIBits
GetDeviceCaps
GetEnhMetaFileA
GetMetaFileA
GetMetaFileBitsEx
GetObjectA
GetPaletteEntries
GetStockObject
GetSystemPaletteEntries
GetTextExtentPointA
GetTextMetricsA
GetViewportOrgEx
IntersectClipRect
LineTo
MoveToEx
OffsetViewportOrgEx
OffsetWindowOrgEx
PatBlt
PlayEnhMetaFile
PlayMetaFile
RealizePalette
ResetDCA
RestoreDC
SaveDC
ScaleViewportExtEx
ScaleWindowExtEx
SelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetEnhMetaFileBits
SetMapMode
SetMetaFileBitsEx
SetPixel
SetTextColor
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
TextOutA

shell32

ExtractIconA
Shell_NotifyIconA

user32

AppendMenuA
BeginDeferWindowPos
BeginPaint
CallWindowProcA
CharNextA
CharPrevA
CheckDlgButton
CheckMenuItem
CheckMenuRadioItem
CheckRadioButton
ClientToScreen
CloseClipboard
CopyIcon
CreateDialogParamA
CreateIcon
CreateIconFromResource
CreateIconIndirect
CreateMenu
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DeferWindowPos
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawEdge
DrawFrameControl
DrawIcon
DrawMenuBar
DrawStateA
DrawTextA
EnableMenuItem
EnableWindow
EndDeferWindowPos
EndDialog
EndPaint
EnumClipboardFormats
EnumThreadWindows
FindWindowA
FrameRect
GetActiveWindow
GetClassInfoA
GetClassNameA
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetDesktopWindow
GetDlgCtrlID
GetDlgItem
GetDlgItemInt
GetDlgItemTextA
GetFocus
GetMenu
GetMenuDefaultItem
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
GetMenuState
GetMenuStringA
GetParent
GetScrollInfo
GetSubMenu
GetSysColor
GetSystemMenu
GetSystemMetrics
GetUpdateRgn
GetWindow
GetWindowDC
GetWindowLongA
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
GetWindowThreadProcessId
GrayStringA
InsertMenuA
InsertMenuItemA
InvalidateRect
IsChild
IsClipboardFormatAvailable
IsDialogMessageA
IsDlgButtonChecked
IsIconic
IsMenu
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadAcceleratorsA
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
LoadMenuA
LoadMenuIndirectA
MapWindowPoints
MessageBeep
MessageBoxA
MessageBoxExA
ModifyMenuA
MsgWaitForMultipleObjects
OemToCharA
OpenClipboard
PeekMessageA
PostMessageA
PostQuitMessage
PostThreadMessageA
RegisterClassA
RegisterHotKey
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
RemoveMenu
ScreenToClient
SendDlgItemMessageA
SendMessageA
SetCapture
SetClipboardData
SetCursor
SetDlgItemTextA
SetFocus
SetForegroundWindow
SetMenu
SetMenuDefaultItem
SetMenuItemInfoA
SetParent
SetScrollInfo
SetTimer
SetWindowLongA
SetWindowPlacement
SetWindowPos
SetWindowTextA
ShowScrollBar
ShowWindow
TabbedTextOutA
TrackPopupMenu
TranslateAcceleratorA
TranslateMDISysAccel
TranslateMessage
UnregisterClassA
UnregisterHotKey
UpdateWindow
WaitForInputIdle
WaitMessage
WindowFromPoint
wsprintfA

Exports

Exports

@__lockDebuggerData$qv
@__unlockDebuggerData$qv
__DebuggerHookData
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 899KB - Virtual size: 900KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 233KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 84KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6967b121dcf0372b9f8a1656ab595d47

Headers

File Characteristics

Imports

advapi32

kernel32

version

wsock32

comdlg32

gdi32

shell32

user32

Exports

Exports

Sections

.text Size: 899KB - Virtual size: 900KB

.data Size: 233KB - Virtual size: 264KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 11KB - Virtual size: 12KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 84KB - Virtual size: 88KB

.reloc Size: 48KB - Virtual size: 52KB

.text
Size: 899KB - Virtual size: 900KB

.data
Size: 233KB - Virtual size: 264KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 11KB - Virtual size: 12KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 84KB - Virtual size: 88KB

.reloc
Size: 48KB - Virtual size: 52KB