PDB path: C:\Users\aime\hudson\workspace\APACHE_12.2.1.3.0_WINDOWS.X64\apache\stage\src\apr\winbuild\libapr-1.pdb
Static task
static1
Behavioral task
behavioral1
Sample
libapr-1.dll
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
libapr-1.dll
Resource
win10v2004-20240508-en
General
-
Target
libapr-1.dll
-
Size
239KB
-
MD5
f44d73dc4a4b790fb606e4f50a5f55d3
-
SHA1
10914f6b8244a3a26eaf18c7c4590c65bcb27217
-
SHA256
01796d7ddcf4b3916fcce2406a6e0db44da1285c20a26bfe0ff48a21303da384
-
SHA512
b9dc7a1a1fba8de9e02256f01b1b61e4c302596a95869db67905328bc28dc2fe5f94f8d1ed8d6f76f405657f4270bf8276d38ca1f4762ddc0980b37ad13d5f82
-
SSDEEP
3072:yaa+tj1lRXkVraz6iKFOWG9k8zZlficzsQ8ctCE0k3liYidnbX:ycjHR0VZ8WGxOczsQ8ctCIIHdnb
Malware Config
Signatures
-
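Unsigned PE 1 IoCs
Checks for missing Authenticode signature. An unsigned file is not malicious by that fact alone, but its publisher cannot be confirmed from a signature, so provenance has to be established another way, for example by comparing the hashes listed under General against a copy obtained from the vendor.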
resource libapr-1.dll
Files
-
libapr-1.dll.dll windows:6 windows x64 arch:x64
dc246cc635f1150ff04cb9a945a8a424
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
ws2_32
gethostname
getsockopt
__WSAFDIsSet
WSASend
WSARecv
WSAGetOverlappedResult
sendto
recvfrom
getnameinfo
freeaddrinfo
getaddrinfo
getservbyname
ntohs
ntohl
htons
htonl
getpeername
setsockopt
WSACleanup
WSAStartup
WSAGetLastError
socket
shutdown
send
select
recv
listen
inet_addr
getsockname
ioctlsocket
connect
closesocket
bind
accept
mswsock
TransmitFile
rpcrt4
UuidCreate
kernel32
EncodePointer
DecodePointer
QueryPerformanceCounter
GetTickCount64
DisableThreadLibraryCalls
IsProcessorFeaturePresent
IsDebuggerPresent
GetLastError
SetErrorMode
FreeLibrary
GetProcAddress
LoadLibraryExW
CreateDirectoryW
FindClose
FindFirstFileW
FindNextFileW
RemoveDirectoryW
CloseHandle
DuplicateHandle
GetCurrentProcess
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
GetFileTime
GetFileType
GetFullPathNameW
SetFileAttributesW
SetFileTime
SetLastError
LocalFree
SetCurrentDirectoryW
GetCurrentDirectoryW
GetDriveTypeA
GetDriveTypeW
LockFile
LockFileEx
UnlockFile
UnlockFileEx
Sleep
GetStdHandle
SetStdHandle
CreateFileW
DeleteFileW
SetFilePointer
GetOverlappedResult
DeviceIoControl
CancelIo
WaitForSingleObject
MoveFileExW
CreateHardLinkW
CreateFileA
CreatePipe
CreateEventA
CreateNamedPipeA
FlushFileBuffers
ReadFile
WriteFile
PeekNamedPipe
SetEndOfFile
ReleaseMutex
CreateMutexW
OpenMutexW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
CreateSemaphoreA
TryEnterCriticalSection
SetEvent
ResetEvent
CreateMutexA
FormatMessageA
GetExitCodeProcess
GetACP
GetLocaleInfoA
GetThreadLocale
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCurrentProcessId
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
GetVersionExA
GetModuleFileNameA
LoadLibraryA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCommandLineW
TlsFree
GlobalFree
GetSystemInfo
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
SetHandleInformation
GetCurrentThread
CreateFileMappingW
GetHandleInformation
CreateProcessW
OpenProcess
WaitForMultipleObjects
TerminateProcess
SwitchToThread
GetSystemTimeAsFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
GetTimeZoneInformation
ExpandEnvironmentStringsW
OpenFileMappingW
shell32
CommandLineToArgvW
advapi32
RegQueryValueExW
RegOpenKeyExA
FreeSid
GetEffectiveRightsFromAclW
GetNamedSecurityInfoA
GetNamedSecurityInfoW
GetSecurityInfo
CryptAcquireContextA
CryptReleaseContext
RegCloseKey
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
LookupAccountNameA
LookupAccountSidA
IsValidSid
EqualSid
LogonUserW
SetSecurityDescriptorDacl
RevertToSelf
InitializeSecurityDescriptor
ImpersonateLoggedOnUser
DuplicateTokenEx
CreateProcessAsUserW
LookupPrivilegeValueA
PrivilegeCheck
OpenThreadToken
OpenProcessToken
CryptGenRandom
AllocateAndInitializeSid
msvcr110
fputs
fputc
_getch
isspace
tolower
modf
_strtoi64
calloc
getenv
__doserrno
_beginthreadex
_endthreadex
strftime
__crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__crtCaptureCurrentContext
__crtCapturePreviousContext
_lock
_unlock
_calloc_crt
__dllonexit
__C_specific_handler
_onexit
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm
_initterm_e
__clean_type_info_names_internal
_strnicmp
_getpid
_stricmp
isupper
islower
isdigit
isxdigit
strchr
strncmp
memcpy
rand
srand
strrchr
wcschr
memset
__iob_func
fflush
setvbuf
_close
_commit
_dup2
_isatty
_setmode
_get_osfhandle
_open_osfhandle
toupper
memmove
memcmp
isalpha
wcsncmp
free
malloc
strerror
fprintf
realloc
atoi
sprintf
strcmp
_environ
_wenviron
_errno
memchr
strtol
iscntrl
exit
Exports
apr_allocator_alloc
apr_allocator_create
apr_allocator_destroy
apr_allocator_free
apr_allocator_max_free_set
apr_allocator_mutex_get
apr_allocator_mutex_set
apr_allocator_owner_get
apr_allocator_owner_set
apr_app_init_complete
apr_app_initialize
apr_array_append
apr_array_cat
apr_array_clear
apr_array_copy
apr_array_copy_hdr
apr_array_make
apr_array_pop
apr_array_pstrcat
apr_array_push
apr_atoi64
apr_atomic_add32
apr_atomic_cas32
apr_atomic_casptr
apr_atomic_dec32
apr_atomic_inc32
apr_atomic_init
apr_atomic_read32
apr_atomic_set32
apr_atomic_sub32
apr_atomic_xchg32
apr_atomic_xchgptr
apr_collapse_spaces
apr_conv_ucs2_to_utf8
apr_conv_utf8_to_ucs2
apr_cpystrn
apr_crypto_sha256_new
apr_ctime
apr_day_snames
apr_dbg_log
apr_dir_close
apr_dir_make
apr_dir_make_recursive
apr_dir_open
apr_dir_read
apr_dir_remove
apr_dir_rewind
apr_dso_error
apr_dso_load
apr_dso_sym
apr_dso_unload
apr_env_delete
apr_env_get
apr_env_set
apr_escape_echo
apr_escape_entity
apr_escape_hex
apr_escape_path
apr_escape_path_segment
apr_escape_shell
apr_escape_urlencoded
apr_file_append
apr_file_attrs_set
apr_file_buffer_set
apr_file_buffer_size_get
apr_file_close
apr_file_copy
apr_file_data_get
apr_file_data_set
apr_file_datasync
apr_file_dup
apr_file_dup2
apr_file_eof
apr_file_flags_get
apr_file_flush
apr_file_getc
apr_file_gets
apr_file_info_get
apr_file_inherit_set
apr_file_inherit_unset
apr_file_link
apr_file_lock
apr_file_mktemp
apr_file_mtime_set
apr_file_name_get
apr_file_namedpipe_create
apr_file_open
apr_file_open_flags_stderr
apr_file_open_flags_stdin
apr_file_open_flags_stdout
apr_file_open_stderr
apr_file_open_stdin
apr_file_open_stdout
apr_file_perms_set
apr_file_pipe_create
apr_file_pipe_create_ex
apr_file_pipe_timeout_get
apr_file_pipe_timeout_set
apr_file_pool_get
apr_file_printf
apr_file_putc
apr_file_puts
apr_file_read
apr_file_read_full
apr_file_remove
apr_file_rename
apr_file_seek
apr_file_setaside
apr_file_sync
apr_file_trunc
apr_file_ungetc
apr_file_unlock
apr_file_write
apr_file_write_full
apr_file_writev
apr_file_writev_full
apr_filepath_encoding
apr_filepath_get
apr_filepath_list_merge
apr_filepath_list_split
apr_filepath_merge
apr_filepath_name_get
apr_filepath_root
apr_filepath_set
apr_fnmatch
apr_fnmatch_test
apr_generate_random_bytes
apr_gethostname
apr_getnameinfo
apr_getopt
apr_getopt_init
apr_getopt_long
apr_getservbyname
apr_gid_compare
apr_gid_get
apr_gid_name_get
apr_hash_clear
apr_hash_copy
apr_hash_count
apr_hash_do
apr_hash_first
apr_hash_get
apr_hash_make
apr_hash_make_custom
apr_hash_merge
apr_hash_next
apr_hash_overlay
apr_hash_pool_get
apr_hash_set
apr_hash_this
apr_hash_this_key
apr_hash_this_key_len
apr_hash_this_val
apr_hashfunc_default
apr_initialize
apr_ipsubnet_create
apr_ipsubnet_test
apr_is_empty_array
apr_is_empty_table
apr_itoa
apr_ltoa
apr_match_glob
apr_mcast_hops
apr_mcast_interface
apr_mcast_join
apr_mcast_leave
apr_mcast_loopback
apr_mmap_create
apr_mmap_delete
apr_mmap_dup
apr_mmap_offset
apr_month_snames
apr_off_t_toa
apr_os_default_encoding
apr_os_dir_get
apr_os_dir_put
apr_os_dso_handle_get
apr_os_dso_handle_put
apr_os_exp_time_get
apr_os_exp_time_put
apr_os_file_get
apr_os_file_put
apr_os_imp_time_get
apr_os_imp_time_put
apr_os_level
apr_os_locale_encoding
apr_os_pipe_put
apr_os_pipe_put_ex
apr_os_proc_mutex_get
apr_os_proc_mutex_put
apr_os_shm_get
apr_os_shm_put
apr_os_sock_get
apr_os_sock_make
apr_os_sock_put
apr_os_thread_current
apr_os_thread_equal
apr_os_thread_get
apr_os_thread_put
apr_os_threadkey_get
apr_os_threadkey_put
apr_os_uuid_get
apr_palloc
apr_palloc_debug
apr_parse_addr_port
apr_password_get
apr_pcalloc
apr_pcalloc_debug
apr_pescape_echo
apr_pescape_entity
apr_pescape_hex
apr_pescape_path
apr_pescape_path_segment
apr_pescape_shell
apr_pescape_urlencoded
apr_pmemdup
apr_poll
apr_poll_method_defname
apr_pollcb_add
apr_pollcb_create
apr_pollcb_create_ex
apr_pollcb_poll
apr_pollcb_remove
apr_pollset_add
apr_pollset_create
apr_pollset_create_ex
apr_pollset_destroy
apr_pollset_method_name
apr_pollset_poll
apr_pollset_remove
apr_pollset_wakeup
apr_pool_abort_get
apr_pool_abort_set
apr_pool_allocator_get
apr_pool_child_cleanup_set
apr_pool_cleanup_for_exec
apr_pool_cleanup_kill
apr_pool_cleanup_null
apr_pool_cleanup_register
apr_pool_cleanup_run
apr_pool_clear
apr_pool_clear_debug
apr_pool_create_core_ex
apr_pool_create_core_ex_debug
apr_pool_create_ex
apr_pool_create_ex_debug
apr_pool_create_unmanaged_ex
apr_pool_create_unmanaged_ex_debug
apr_pool_destroy
apr_pool_destroy_debug
apr_pool_initialize
apr_pool_is_ancestor
apr_pool_note_subprocess
apr_pool_parent_get
apr_pool_pre_cleanup_register
apr_pool_tag
apr_pool_terminate
apr_pool_userdata_get
apr_pool_userdata_set
apr_pool_userdata_setn
apr_proc_create
apr_proc_detach
apr_proc_kill
apr_proc_mutex_child_init
apr_proc_mutex_cleanup
apr_proc_mutex_create
apr_proc_mutex_defname
apr_proc_mutex_destroy
apr_proc_mutex_lock
apr_proc_mutex_lockfile
apr_proc_mutex_name
apr_proc_mutex_pool_get
apr_proc_mutex_trylock
apr_proc_mutex_unlock
apr_proc_other_child_alert
apr_proc_other_child_refresh
apr_proc_other_child_refresh_all
apr_proc_other_child_register
apr_proc_other_child_unregister
apr_proc_wait
apr_proc_wait_all_procs
apr_procattr_addrspace_set
apr_procattr_child_err_set
apr_procattr_child_errfn_set
apr_procattr_child_in_set
apr_procattr_child_out_set
apr_procattr_cmdtype_set
apr_procattr_create
apr_procattr_detach_set
apr_procattr_dir_set
apr_procattr_error_check_set
apr_procattr_group_set
apr_procattr_io_set
apr_procattr_user_set
apr_psprintf
apr_pstrcat
apr_pstrcatv
apr_pstrdup
apr_pstrmemdup
apr_pstrndup
apr_punescape_entity
apr_punescape_hex
apr_punescape_url
apr_pvsprintf
apr_random_add_entropy
apr_random_after_fork
apr_random_barrier
apr_random_init
apr_random_insecure_bytes
apr_random_insecure_ready
apr_random_secure_bytes
apr_random_secure_ready
apr_random_standard_new
apr_rfc822_date
apr_shm_attach
apr_shm_attach_ex
apr_shm_baseaddr_get
apr_shm_create
apr_shm_create_ex
apr_shm_destroy
apr_shm_detach
apr_shm_pool_get
apr_shm_remove
apr_shm_size_get
apr_signal_block
apr_signal_description_get
apr_signal_unblock
apr_skiplist_add_index
apr_skiplist_alloc
apr_skiplist_destroy
apr_skiplist_find
apr_skiplist_find_compare
apr_skiplist_free
apr_skiplist_getlist
apr_skiplist_init
apr_skiplist_insert
apr_skiplist_insert_compare
apr_skiplist_merge
apr_skiplist_next
apr_skiplist_peek
apr_skiplist_pop
apr_skiplist_previous
apr_skiplist_remove
apr_skiplist_remove_all
apr_skiplist_remove_compare
apr_skiplist_set_compare
apr_sleep
apr_snprintf
apr_sockaddr_equal
apr_sockaddr_info_get
apr_sockaddr_ip_get
apr_sockaddr_ip_getbuf
apr_sockaddr_is_wildcard
apr_socket_accept
apr_socket_addr_get
apr_socket_atmark
apr_socket_atreadeof
apr_socket_bind
apr_socket_close
apr_socket_connect
apr_socket_create
apr_socket_data_get
apr_socket_data_set
apr_socket_inherit_set
apr_socket_inherit_unset
apr_socket_listen
apr_socket_opt_get
apr_socket_opt_set
apr_socket_pool_get
apr_socket_protocol_get
apr_socket_recv
apr_socket_recvfrom
apr_socket_send
apr_socket_sendfile
apr_socket_sendto
apr_socket_sendv
apr_socket_shutdown
apr_socket_timeout_get
apr_socket_timeout_set
apr_socket_type_get
apr_stat
apr_strerror
apr_strfsize
apr_strftime
apr_strnatcasecmp
apr_strnatcmp
apr_strtoff
apr_strtoi64
apr_strtok
apr_table_add
apr_table_addn
apr_table_clear
apr_table_clone
apr_table_compress
apr_table_copy
apr_table_do
apr_table_elts
apr_table_get
apr_table_getm
apr_table_make
apr_table_merge
apr_table_mergen
apr_table_overlap
apr_table_overlay
apr_table_set
apr_table_setn
apr_table_unset
apr_table_vdo
apr_temp_dir_get
apr_terminate
apr_terminate2
apr_thread_cond_broadcast
apr_thread_cond_create
apr_thread_cond_destroy
apr_thread_cond_pool_get
apr_thread_cond_signal
apr_thread_cond_timedwait
apr_thread_cond_wait
apr_thread_create
apr_thread_data_get
apr_thread_data_set
apr_thread_detach
apr_thread_exit
apr_thread_join
apr_thread_mutex_create
apr_thread_mutex_destroy
apr_thread_mutex_lock
apr_thread_mutex_pool_get
apr_thread_mutex_trylock
apr_thread_mutex_unlock
apr_thread_once
apr_thread_once_init
apr_thread_pool_get
apr_thread_rwlock_create
apr_thread_rwlock_destroy
apr_thread_rwlock_pool_get
apr_thread_rwlock_rdlock
apr_thread_rwlock_tryrdlock
apr_thread_rwlock_trywrlock
apr_thread_rwlock_unlock
apr_thread_rwlock_wrlock
apr_thread_yield
apr_threadattr_create
apr_threadattr_detach_get
apr_threadattr_detach_set
apr_threadattr_guardsize_set
apr_threadattr_stacksize_set
apr_threadkey_data_get
apr_threadkey_data_set
apr_threadkey_private_create
apr_threadkey_private_delete
apr_threadkey_private_get
apr_threadkey_private_set
apr_time_ansi_put
apr_time_clock_hires
apr_time_exp_get
apr_time_exp_gmt
apr_time_exp_gmt_get
apr_time_exp_lt
apr_time_exp_tz
apr_time_now
apr_tokenize_to_argv
apr_uid_compare
apr_uid_current
apr_uid_get
apr_uid_homepath_get
apr_uid_name_get
apr_unescape_entity
apr_unescape_hex
apr_unescape_url
apr_version
apr_version_string
apr_vformatter
apr_vsnprintf
Sections
.text Size: 166KB - Virtual size: 166KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 45KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 988B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ