2b2f72d46df3933b1fbda6010a411a7e04ff78b2a7da142f91132d1376cc6ae1

Sharing

Copy URL Twitter E-mail

General

Target

2b2f72d46df3933b1fbda6010a411a7e04ff78b2a7da142f91132d1376cc6ae1
Size

48KB
MD5

f1c16452caf7590c0d6ec7332ec16632
SHA1

5c773e1ba5bdf3b8391608c5c4472446c509c354
SHA256

2b2f72d46df3933b1fbda6010a411a7e04ff78b2a7da142f91132d1376cc6ae1
SHA512

7c9c91b2639c01d90e6df9ca9a251d4575c7104cb57a73d32cbf42c3c84319590c35b59d4d2e40e88e2b2351a6b46fbc7e7ff5bfca7686f8c715901fe70c5277
SSDEEP

768:5hKC/DQ6piu8hEyn8NOfKgZommPw+bKjD5J2j3bW6Ee2NIrmFZqiTg0L7HqrM:CC3QEyn84h5GdbKj/eue2lUkqr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b2f72d46df3933b1fbda6010a411a7e04ff78b2a7da142f91132d1376cc6ae1

Files

2b2f72d46df3933b1fbda6010a411a7e04ff78b2a7da142f91132d1376cc6ae1
.dll windows:6 windows x64 arch:x64

872c561c7b82bf977837892a58c6dec2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\VC16\Win64\httpd-2.4\x64\Release\mod_dav_fs.pdb

Imports

ws2_32

ntohs
htons

libhttpd

ap_log_error_
ap_server_conf
ap_server_root_relative
ap_log_assert
ap_make_dirstr_parent

libaprutil-1

apr_uuid_get
apr_xml_quote_elem
apr_xml_to_text
apr_text_append
apr_dbm_get_usednames
apr_uuid_parse
apr_dbm_freedatum
apr_uuid_format
apr_dbm_nextkey
apr_dbm_firstkey
apr_dbm_exists
apr_dbm_geterror
apr_dbm_open
apr_dbm_close
apr_dbm_fetch
apr_dbm_store
apr_dbm_delete

libapr-1

apr_file_rename
apr_file_seek
apr_file_perms_set
apr_dir_remove
apr_pstrmemdup
apr_dir_read
apr_day_snames
apr_dir_close
apr_dir_open
apr_pool_cleanup_null
apr_filepath_root
apr_pool_cleanup_run
apr_psprintf
apr_pool_cleanup_kill
apr_pool_cleanup_register
apr_time_exp_gmt
apr_file_info_get
apr_file_write_full
apr_file_read
apr_file_remove
apr_file_close
apr_file_open
apr_stat
apr_hash_get
apr_hash_set
apr_hash_make
apr_dir_make
apr_pstrcat
apr_pmemdup
apr_pstrdup
apr_palloc
apr_month_snames
apr_snprintf

mod_dav.so

dav_new_error
dav_check_bufsize
dav_xmlns_add
dav_buffer_append
dav_buffer_place
dav_hook_gather_propsets
dav_hook_find_liveprop
dav_hook_insert_all_liveprops
dav_buffer_place_mem
dav_register_provider
dav_do_find_liveprop
dav_set_bufsize
dav_get_liveprop_info
dav_register_liveprop_group
dav_lock_query
dav_add_response
dav_buffer_init
dav_push_error

vcruntime140

memset
memcpy
__std_type_info_destroy_list
__C_specific_handler
strchr
memmove
memcmp
strstr
strrchr

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-string-l1-1-0

strncmp

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_initterm_e
_initterm
_cexit
_getpid
_execute_onexit_table

kernel32

UnhandledExceptionFilter
RtlCaptureContext
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry

Exports

Exports

dav_fs_module

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

872c561c7b82bf977837892a58c6dec2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

libhttpd

libaprutil-1

libapr-1

mod_dav.so

vcruntime140

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 196B

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 196B