a4ff1a37f2d6536baaab6b88cf189030

General

Target

a4ff1a37f2d6536baaab6b88cf189030
Size

10KB
MD5

a4ff1a37f2d6536baaab6b88cf189030
SHA1

75ffa0f80ba5be762df0b514c99cf7decfdb8720
SHA256

caf77cba7175e09b64c8d037ad2737eb2ff7b9dedc0c56fd1de7202d05678bd3
SHA512

f27697181040f9b305ef0d93b0fcddca1147c793a30da7d6cdd2ee4fa2803065feb3aac800b68928a1b8fe6e6245d61a2fc03e944ab15e4c58a9f9f83b2adfc2
SSDEEP

192:TeROUK4b2FoyMr6LgB/T73XfVlD62AXLOqR2:LD4bUor/vVlsSqR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a4ff1a37f2d6536baaab6b88cf189030

Files

a4ff1a37f2d6536baaab6b88cf189030
.dll windows:5 windows x86 arch:x86

75cd97d9a4d69318ab768bc06b5d58e1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\build\httpd-2.4.10\modules\loggers\Release\mod_logio.pdb

Imports

libapr-1

_apr_palloc@8
_apr_off_t_toa@12

libhttpd

_ap_register_input_filter@16
_ap_add_input_filter@16
_ap_get_brigade@24
_ap_hook_pre_connection@16
_ap_hook_log_transaction@16
_ap_hook_pre_config@16

libaprutil-1

_apr_brigade_length@12
_apr_dynamic_fn_retrieve@4
apr_dynamic_fn_register

msvcr90

_malloc_crt
_encode_pointer
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_crt_debugger_hook
free

kernel32

IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedCompareExchange
Sleep
InterlockedExchange

Exports

Exports

logio_module

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 474B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

75cd97d9a4d69318ab768bc06b5d58e1

Headers

File Characteristics

PDB Paths

Imports

libapr-1

libhttpd

libaprutil-1

msvcr90

kernel32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 932B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 474B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 932B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 474B