easy_Benign_ffbf6d7bd26e3c5d385da8050fa7316bd4716ddccb1d29b977482c956aec215d[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

easy_Benign_ffbf6d7bd26e3c5d385da8050fa7316bd4716ddccb1d29b977482c956aec215d.dll
Size

17KB
MD5

c877a2710d9c3416d0e8970d4e66f866
SHA1

47cbf0b9ddc6548d7ea83fe5f08be615a432a3ea
SHA256

ffbf6d7bd26e3c5d385da8050fa7316bd4716ddccb1d29b977482c956aec215d
SHA512

bf1c46fc17296f73b7b263a95a567a0d5a652d8e7094c39640e77b6c11fa71312d7b45bf70c916a21a2843997c9a9c657cbf9df77eb3c79e015752ab40bb2e3f
SSDEEP

192:2ZBvGaNrevGmTln0qN1CiFYM7GdrLud9VgwdEdL5K6DX+//hgDm/Oqtq:EBOOrsG6Gqzf7GdrL+VtdkKewam2qtq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
easy_Benign_ffbf6d7bd26e3c5d385da8050fa7316bd4716ddccb1d29b977482c956aec215d.dll

Files

easy_Benign_ffbf6d7bd26e3c5d385da8050fa7316bd4716ddccb1d29b977482c956aec215d.dll
.dll windows x64

54513dbe70df219b386c8a62b2ceb289

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

libhttpd

ap_hook_insert_error_filter
ap_hook_insert_filter
ap_remove_output_filter
ap_add_output_filter
ap_register_output_filter
ap_pass_brigade
ap_log_rerror_
ap_getword_conf
ap_field_noparam

libapr-1

apr_table_setn
apr_table_mergen
apr_table_overlay
apr_table_get
apr_table_make
apr_is_empty_table
apr_psprintf
apr_pstrcat
apr_pstrdup
apr_palloc
apr_rfc822_date

vcruntime140

strchr
memset
__std_type_info_destroy_list
__C_specific_handler
strrchr

api-ms-win-crt-string-l1-1-0

_strnicmp
isdigit

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-runtime-l1-1-0

_cexit
_execute_onexit_table
_crt_atexit
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function

kernel32

IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter

Exports

Exports

expires_module

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

54513dbe70df219b386c8a62b2ceb289

Headers

DLL Characteristics

File Characteristics

Imports

libhttpd

libapr-1

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 304B

.pdata Size: 1024B - Virtual size: 612B

.gfids Size: 512B - Virtual size: 16B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 60B

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 304B

.pdata
Size: 1024B - Virtual size: 612B

.gfids
Size: 512B - Virtual size: 16B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 60B