Manalyze report for 0c6c5bb61b3743dc6a5009bb33f6b63c

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2010-Oct-22 11:17:07
Detected languages	English - United States
Debug artifacts	C:\wrkplace\tomcat-connectors-1.2.31-src\native\iis\Release_x86\isapi_redirect-1.2.31.pdb
Comments	The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
CompanyName	Apache Software Foundation
FileDescription	Apache Tomcat Connector
FileVersion	`1.2.31`
InternalName	isapi_redirector
LegalCopyright	Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership.
OriginalFilename	isapi_redirector.dll
ProductName	Apache Tomcat isapi_redirector Connector
ProductVersion	`1.2.31`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: CurrentControlSet\Services` `Contains domain names: apache.org http://tomcat.apache.org http://www.apache.org http://www.apache.org/licenses/LICENSE-2.0 http://www.w3.org http://www.w3.org/1999/xhtml http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd http://www.w3c.org http://www.w3c.org/TR/REC-html40/loose.dtd tomcat.apache.org www.apache.org www.w3.org www.w3c.org`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5`
Suspicious	The PE contains functions most legitimate programs don't use.	`Can access the registry: RegOpenKeyExA RegQueryValueExA RegCloseKey` `Leverages the raw socket API to access the Internet: WSAIoctl setsockopt socket recv shutdown WSAGetLastError ioctlsocket getsockopt __WSAFDIsSet select WSASetLastError connect inet_addr gethostbyname htons closesocket htonl getpeername send getsockname`
Safe	VirusTotal score: 0/70 (Scanned on 2022-11-23 18:23:49)	`All the AVs think this file is safe.`

Hashes

MD5	`0c6c5bb61b3743dc6a5009bb33f6b63c`
SHA1	`2a11e4d9d18114ddbe0d1fae9ce579c28d45f335`
SHA256	`086f475bf5872aedbc97d008edffb1e71404328ff0067e34c66940a2302f2f3b`
SHA3	`b4900234d3c6dbdd777ec5cdf7b243be475e01ea2d5882a284ca7f53c5770a33`
SSDeep	`6144:q7irfM2ZIh7g8dzHEMWTVFriEnimQRmixRcPlLlaHtYnIKbo7aSr5X/oxdITh:R5Ih7gSzHEMWTVFrVni6ixRcRlOYnIf`
Imports Hash	`d1391d1d081458605bbdc0ffc40056e7`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2010-Oct-22 11:17:07
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`9.0`
SizeOfCode	`0x42800`
SizeOfInitializedData	`0x17800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0003C4E0 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x44000`
ImageBase	`0x6a6b0000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0x5d000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`5e6a1696b70e62b347cbb2c8b9c56587`
SHA1	`b5b68f10e7b5358467dfde3c2aae3f07d4dd074d`
SHA256	`f6ed11a921220b86ca43c12edde2de786c5644bdce813ea5dd302e62fca0e83c`
SHA3	`e509a20570140cfd49fe2adbffb220335d7cf1163156a86177254d24c9adfd0d`
VirtualSize	`0x42718`
VirtualAddress	`0x1000`
SizeOfRawData	`0x42800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.64302`

.rdata

MD5	`7a0a3b7b7722546c5fae2458379746f5`
SHA1	`b28b3ec409ddb55b49f7513e4aae5176639bd089`
SHA256	`57f6b334ba592f1552d3ab19e451f44757ef72a884a7134e590dc4a8f4844d97`
SHA3	`46f44eea1d6f15fc86d2a912e819ba25302096325876403798515c4806faaff7`
VirtualSize	`0xe0e0`
VirtualAddress	`0x44000`
SizeOfRawData	`0xe200`
PointerToRawData	`0x42c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.25549`

.data

MD5	`f8f74edf848059c5d6083afae6cc1f1b`
SHA1	`78df71389beef2318758f575d1305336a2c7f4ec`
SHA256	`7cc4a79983e961d22c9aa0142470c79333f43bbea4d4cb5777d4a307526f6d10`
SHA3	`056714ca0990c4c47e72c515313fc76cec52c30da1084f7a5dec9e1f97b8742a`
VirtualSize	`0x3f08`
VirtualAddress	`0x53000`
SizeOfRawData	`0x1e00`
PointerToRawData	`0x50e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.84749`

.rsrc

MD5	`ec2609f9356e51334dca4b19a57dd6dc`
SHA1	`e2b348ef4bc286fa0336c431af0050ba224e5201`
SHA256	`d11ff09442cdca14fff267038c2574b63dccb02bbc86878af2341b5a1f35c214`
SHA3	`026cbcfcedbf18f52be606fc69b03a9ce7ea532227f953b8ea87e982d76060d8`
VirtualSize	`0x988`
VirtualAddress	`0x57000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x52c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.29972`

.reloc

MD5	`babf886ed90b554058facabf4bd383fa`
SHA1	`e40b6e2023611f352df47ad6d11a850f3a6951b7`
SHA256	`272ce98bbfb8dbf0cac50392739f84fe4b84fbcad32c21640d8418ead7074d3c`
SHA3	`f64f135ff515d63b9316dcb787e47cc96c3808f0c999d3e49f4fd430ffb9ce10`
VirtualSize	`0x4b6e`
VirtualAddress	`0x58000`
SizeOfRawData	`0x4c00`
PointerToRawData	`0x53600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.7861`

Imports

KERNEL32.dll	`GetLastError` `CloseHandle` `WaitForSingleObject` `Sleep` `GetFileSizeEx` `GetModuleFileNameA` `CreateThread` `SetLastError` `InitializeCriticalSection` `UnmapViewOfFile` `ReleaseMutex` `MapViewOfFile` `CreateMutexA` `OpenMutexA` `OpenFileMappingA` `CreateFileMappingA` `GetCurrentThreadId` `DeleteCriticalSection` `EnterCriticalSection` `GetEnvironmentVariableA` `LeaveCriticalSection` `RtlUnwind` `GetSystemTimeAsFileTime` `GetCurrentProcessId` `GetTickCount` `QueryPerformanceCounter` `GetVersion` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `InterlockedCompareExchange` `InterlockedExchange` `OutputDebugStringA`
ADVAPI32.dll	`RegOpenKeyExA` `RegQueryValueExA` `RegCloseKey`
WS2_32.dll	`WSAIoctl` `setsockopt` `socket` `recv` `shutdown` `WSAGetLastError` `ioctlsocket` `getsockopt` `__WSAFDIsSet` `select` `WSASetLastError` `connect` `inet_addr` `gethostbyname` `htons` `closesocket` `htonl` `getpeername` `send` `getsockname`
msvcrt.dll	`strtok` `strchr` `isspace` `malloc` `_snprintf` `memset` `toupper` `strncpy` `time` `atoi` `difftime` `isdigit` `memcpy` `fflush` `fprintf` `_vsnprintf` `isxdigit` `tolower` `_get_osfhandle` `fputs` `strncmp` `strftime` `localtime` `strrchr` `isalnum` `atol` `strstr` `strncat` `strpbrk` `sprintf` `getenv` `fclose` `fgets` `fopen` `memmove` `qsort` `_ftime` `_mbsdec` `_ismbblead` `_XcptFilter` `_initterm` `_amsg_exit` `mbtowc` `__mb_cur_max` `isleadbyte` `localeconv` `_unlock` `_iob` `_lock` `_itoa` `wctomb` `ferror` `iswctype` `wcstombs` `__dllonexit` `_onexit` `realloc` `__badioinfo` `__pioinfo` `_read` `_fileno` `_lseeki64` `_write` `_isatty` `ungetc` `free` `_pwctype` `__lc_collate_cp` `_wcsupr` `_wcslwr` `_strupr` `_strlwr` `_ecvt` `_gcvt` `_mbsupr` `_errno` `_mbslwr` `__CxxFrameHandler` `atof` `calloc` `_strdup` `_strnicmp` `_stricmp` `_stat` `_putenv` `_fdopen`
MSVCRT.dll	`_getpid`

Delayed Imports

GetExtensionVersion

Ordinal	`1`
Address	`0x14560`

GetFilterVersion

Ordinal	`2`
Address	`0x144e0`

HttpExtensionProc

Ordinal	`3`
Address	`0x13f40`

HttpFilterProc

Ordinal	`4`
Address	`0x13230`

TerminateExtension

Ordinal	`5`
Address	`0xff00`

TerminateFilter

Ordinal	`6`
Address	`0xf2e0`

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x924`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.4622`
MD5	`90dab9b32592bcf4821968797191dc65`
SHA1	`8939759d42e41f6696524e2a0e1fc087d8f46c15`
SHA256	`87ef526e3d0f43836be83f02c7ed1623979b2eff351087c32d6992f46a331173`
SHA3	`7b53d957299fae038525762ee795774e8928f26e339be059e1a561122a28d414`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.2.31.0
ProductVersion	1.2.31.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
Comments	The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
CompanyName	Apache Software Foundation
FileDescription	Apache Tomcat Connector
FileVersion (#2)	1.2.31
InternalName	isapi_redirector
LegalCopyright	Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership.
OriginalFilename	isapi_redirector.dll
ProductName	Apache Tomcat isapi_redirector Connector
ProductVersion (#2)	1.2.31

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2010-Oct-22 11:17:07
Version	`0.0`
SizeofData	`114`
AddressOfRawData	`0x514a0`
PointerToRawData	`0x500a0`
Referenced File	C:\wrkplace\tomcat-connectors-1.2.31-src\native\iis\Release_x86\isapi_redirect-1.2.31.pdb

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x6a704a18`
SEHandlerTable	`0x6a701520`
SEHandlerCount	`2`

RICH Header

XOR Key	`0xfbfe64ff`
Unmarked objects	`0`
105 (2067)	`9`
ASM objects (VS2008 SP1 build 30729)	`10`
C++ objects (VS2008 SP1 build 30729)	`13`
Imports (VS2008 SP1 build 30729)	`4`
Imports (VS2003 (.NET) build 4035)	`7`
Total imports	`144`
126 (VS2012 build 50727 / VS2005 build 50727)	`1`
C objects (VS2008 SP1 build 30729)	`84`
Exports (VS2008 SP1 build 30729)	`1`
Linker (VS2008 SP1 build 30729)	`1`
Resource objects (VS2008 SP1 build 30729)	`1`

0c6c5bb61b3743dc6a5009bb33f6b63c

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

GetExtensionVersion

GetFilterVersion

HttpExtensionProc

HttpFilterProc

TerminateExtension

TerminateFilter

1

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors