e9bc3752fe4a396d88df5e416e9b80266a219dc33b9e54a61528a29c7e11dd16N

Sharing

Copy URL

Twitter E-mail

General

Target

e9bc3752fe4a396d88df5e416e9b80266a219dc33b9e54a61528a29c7e11dd16N
Size

11KB
MD5

95b0d726c1de095bcdd718cd81257160
SHA1

783d34e476bc23c9ca9c2a01fc5d591d1a941d1b
SHA256

e9bc3752fe4a396d88df5e416e9b80266a219dc33b9e54a61528a29c7e11dd16
SHA512

f4b16356c6fea6956209aa0a8c46df9e2dd38184b9555df20efec1a903e84d4538558b3be7de578a7fab36ab1acf28d47323cad5646606adcfae0cafd6bf56e5
SSDEEP

192:QBxhIjt7BC2dBFA5aMsismmsrBY3XpqkOqKE:QDhIhYj5aMsiuWoMNqKE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e9bc3752fe4a396d88df5e416e9b80266a219dc33b9e54a61528a29c7e11dd16N

Files

e9bc3752fe4a396d88df5e416e9b80266a219dc33b9e54a61528a29c7e11dd16N
.dll windows:6 windows x86 arch:x86

6da07a82cc08a6b02a61fa664d7faaed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\build\httpd-2.4.18\modules\filters\Release\mod_reflector.pdb

Imports

libapr-1

_apr_strtoff@16
_apr_palloc@8
_apr_table_make@8
_apr_table_get@8
_apr_table_setn@12
_apr_table_addn@12
_apr_table_overlay@12
apr_table_do
_apr_time_now@0

libaprutil-1

_apr_brigade_create@8
_apr_brigade_cleanup@4
_apr_brigade_write@20
apr_bucket_type_eos
_apr_brigade_destroy@4

libhttpd

_ap_set_last_modified@4
_ap_set_content_length@12
_ap_set_content_type@8
_ap_pass_brigade@8
_ap_get_brigade@24
_ap_hook_handler@16
_ap_set_accept_ranges@4
_ap_map_http_request_error@8
_ap_update_mtime@12
ap_allow_methods
ap_log_rerror_
_ap_send_http_options@4

msvcr110

_except_handler4_common
_lock
_initterm_e
_initterm
_malloc_crt
free
_amsg_exit
__CppXcptFilter
_calloc_crt
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_unlock
__clean_type_info_names_internal
_onexit
__dllonexit

kernel32

EncodePointer
DecodePointer
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
IsDebuggerPresent
IsProcessorFeaturePresent

Exports

Exports

reflector_module

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 586B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6da07a82cc08a6b02a61fa664d7faaed

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libapr-1

libaprutil-1

libhttpd

msvcr110

kernel32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 916B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 586B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 916B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 586B