Manalyze report for 18a8530bf8b1aadebc415ea28e7a7c54

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2024-Apr-02 21:00:23
Detected languages	English - United States
Debug artifacts	C:\Apps\vscode\mod_auth_openidc-master\x64\Release\mod_auth_openidc.pdb

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: 3Apingidentity.com apache.org example.com github.com http://openid.net http://schemas.openid.net http://schemas.openid.net/event/backchannel-logout http://www.w3.org http://www.w3.org/TR/html4/strict.dtd httpd.apache.org https://example.com https://github.com https://httpd.apache.org https://httpd.apache.org/docs/2.4/custom-error.html https://openid.net mitreid.org openid.net schemas.openid.net seed.gluu.org window.top www.w3.org`
Info	Libraries used to perform cryptographic operations:	`Microsoft's Cryptography API`
Suspicious	The PE contains functions most legitimate programs don't use.	`Uses Microsoft's cryptographic API: CRYPTO_free` `Leverages the raw socket API to access the Internet: htonl`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`18a8530bf8b1aadebc415ea28e7a7c54`
SHA1	`d431d38309c435197b159ee32ff03ff9d94a67bf`
SHA256	`1bffb3cf823f47db7a6c722ccceb7959e0be46a1a3847ca6b1f3f2f23b207024`
SHA3	`1d6a2f4b04f1467208d5b13e5d90673b3010ebaf3e842127309d8d2d38e8a2fd`
SSDeep	`12288:+x/vw6ybAotG38DAOJv8tvggQRPBwBi81B:mb4G38AOJv8tvggQRPBf81B`
Imports Hash	`c683234820240401517d8583e39c6374`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2024-Apr-02 21:00:23
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x40e00`
SizeOfInitializedData	`0x20400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000004124C (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x65000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`103527fd91c0ce0fa973b14e3c48ca87`
SHA1	`a2043bc225537071ba58fed2a4c24001400c2e8d`
SHA256	`4c7c7ffc5440af4c65c56e8849ec162c0bb2cc110fff2abe2eabb9506cfc39fc`
SHA3	`3504630db4f57e6f7f8d4a7548def6f84774b2ea6315c831c8c050f2cbf06cb5`
VirtualSize	`0x40c78`
VirtualAddress	`0x1000`
SizeOfRawData	`0x40e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.12383`

.rdata

MD5	`72215fb5296f8e303c6fb9d10536a277`
SHA1	`ba7ef30e270548d0268cf4badf92c8600c178aaa`
SHA256	`8256ae6a506bc888c7bdc66f0e53da1300a835c1d9bf817a24f4f5af47566ff3`
SHA3	`1a834ea084f22113928fbc0232401cf8d2d3c213961739e2cab6ddf963b4b224`
VirtualSize	`0x1c416`
VirtualAddress	`0x42000`
SizeOfRawData	`0x1c600`
PointerToRawData	`0x41200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.3961`

.data

MD5	`ad55ec70b98dae420b66ddc9d8c9a122`
SHA1	`e8bf9f25481aea931710dfc5d01b3118836e6a8a`
SHA256	`fa9f20cb62e227b31ea12e1779e65a9681418c9d053c6b82ee2288c62af7b8b5`
SHA3	`84e22eb1ca893656b296e153a59f9ffe579cca6c19aea6701b35d220ce4e74fb`
VirtualSize	`0xbd0`
VirtualAddress	`0x5f000`
SizeOfRawData	`0x600`
PointerToRawData	`0x5d800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.08306`

.pdata

MD5	`fc396eb1342e146af1e026e08add96ad`
SHA1	`e9875def821eb9144fb936bba5cbd133079d79d6`
SHA256	`6563769ea1681bb031f23676410983e7954dcb29e3059755be3ea26f6c0186c8`
SHA3	`73738718fad3631d98794462ff1922b719d4cd2bdf04daf05cfdd4fbb2307e9c`
VirtualSize	`0x297c`
VirtualAddress	`0x60000`
SizeOfRawData	`0x2a00`
PointerToRawData	`0x5de00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.62571`

.rsrc

MD5	`22d8e4bb42fcdb0fdadf7d35f161bb5e`
SHA1	`373f985d46cd6e0fc0d8dc0c6029248ffb5128bc`
SHA256	`b811bfe9601f34ee01f64403a6f3ea678448952047b27931d44b1d8bd033d6a9`
SHA3	`6924fd744f4dcea9fb5b95f5887f2454758e104c19852de942796886d8e48b34`
VirtualSize	`0x1e0`
VirtualAddress	`0x63000`
SizeOfRawData	`0x200`
PointerToRawData	`0x60800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.71839`

.reloc

MD5	`8ce08f8b3e0691f9e571006938962edd`
SHA1	`261d51ec7ce075751e92e2d0bd6c35ba304288dc`
SHA256	`d930b2df423b4c6d34a2819cb8e574822f94f59836460e6946dbe2df0dafe2da`
SHA3	`e591af6a7d855a7e8e8ddfa05883047704f48c95984f8177828723892d35e169`
VirtualSize	`0x49c`
VirtualAddress	`0x64000`
SizeOfRawData	`0x600`
PointerToRawData	`0x60a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.74863`

Imports

KERNEL32.dll	`SearchPathA` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `IsDebuggerPresent` `InitializeSListHead` `DisableThreadLibraryCalls` `GetSystemTimeAsFileTime` `GetCurrentThreadId` `GetCurrentProcessId` `QueryPerformanceCounter` `IsProcessorFeaturePresent` `TerminateProcess`
WS2_32.dll	`htonl`
libcrypto-3-x64.dll	`EVP_aes_192_cbc` `AES_wrap_key` `EVP_sha512` `EVP_CIPHER_get_block_size` `EVP_CIPHER_CTX_ctrl` `EVP_aes_256_gcm` `EVP_EncryptUpdate` `EVP_CIPHER_CTX_reset` `AES_set_decrypt_key` `EVP_CIPHER_CTX_free` `EVP_EncryptFinal_ex` `ECDSA_do_sign` `BN_num_bits` `OBJ_sn2nid` `EVP_aes_128_cbc` `EC_KEY_set_private_key` `RSA_private_decrypt` `EVP_DecryptInit_ex` `EVP_PKEY_CTX_free` `EVP_PKEY_new` `EC_POINT_mul` `RSA_new` `EVP_PKEY_get_utf8_string_param` `X509_get_pubkey` `BIO_new` `i2d_X509` `EVP_PKEY_get_base_id` `BN_clear_free` `BIO_ctrl` `AES_set_encrypt_key` `EVP_EncryptInit_ex` `PEM_write_bio_X509` `AES_unwrap_key` `EVP_DecryptFinal_ex` `EVP_DecryptUpdate` `BN_bn2bin` `EVP_sha384` `EVP_aes_256_cbc` `EVP_CIPHER_CTX_new` `EVP_DigestFinal_ex` `ECDSA_SIG_new` `RSA_padding_add_PKCS1_PSS` `EVP_DigestFinal` `ECDSA_do_verify` `EVP_MD_get_size` `ECDSA_SIG_set0` `HMAC_CTX_new` `HMAC_Update` `ECDSA_SIG_free` `RSA_verify` `RSA_public_encrypt` `RSA_sign` `HMAC_Init_ex` `RSA_private_encrypt` `HMAC_CTX_free` `ECDSA_SIG_get0` `RSA_public_decrypt` `EVP_MD_CTX_new` `PEM_read_bio_X509_AUX` `PEM_read_bio` `RSA_verify_PKCS1_PSS` `HMAC_Final` `EVP_get_digestbyname` `OPENSSL_init_crypto` `EVP_MD_CTX_reset` `ERR_get_error` `PEM_read_bio_PUBKEY` `EVP_DigestUpdate` `BIO_s_mem` `BIO_s_file` `PEM_read_bio_PrivateKey` `CRYPTO_free` `EVP_MD_CTX_free` `EVP_DigestInit_ex` `ERR_error_string` `EVP_PKEY_free` `BIO_free` `EVP_EncodeBlock` `BIO_puts` `EVP_PKEY_get_bn_param` `X509_free` `EVP_PKEY_set1_EC_KEY` `BN_bin2bn` `EC_KEY_new_by_curve_name` `RSA_set0_key` `EVP_PKEY_CTX_new` `EC_KEY_get0_group` `RSA_get0_crt_params` `RSA_get0_factors` `EC_KEY_get0_private_key` `BN_new` `RSA_size` `EC_POINT_set_affine_coordinates_GFp` `EVP_PKEY_derive` `EVP_PKEY_derive_init` `RSA_set0_factors` `RAND_bytes` `EC_POINT_new` `EC_KEY_get0_public_key` `HMAC` `EC_KEY_free` `EC_POINT_free` `RSA_get0_key` `BN_is_zero` `BN_free` `EVP_sha256` `EC_KEY_set_public_key` `EC_POINT_get_affine_coordinates_GFp` `EVP_PKEY_derive_set_peer` `RSA_free` `RSA_set0_crt_params` `EC_KEY_generate_key`
libcurl.dll	`curl_global_init` `curl_global_cleanup` `curl_easy_unescape` `curl_easy_getinfo` `curl_easy_init` `curl_slist_append` `curl_free` `curl_slist_free_all` `curl_easy_cleanup` `curl_easy_setopt` `curl_easy_perform` `curl_easy_escape`
jansson.dll	`json_integer` `json_object_del` `json_real_value` `json_dumps` `json_delete` `json_loads` `json_string` `json_deep_copy` `json_array_append_new` `json_array` `json_number_value` `json_object_iter_value` `json_string_value` `json_object_iter_next` `json_array_get` `json_object_iter_key` `json_object_iter` `json_array_size` `json_integer_value` `json_object_get` `json_pack` `json_stringn` `json_loadb` `json_object` `json_object_set_new`
libapr-1.dll	`apr_file_open` `apr_file_remove` `apr_file_trunc` `apr_stat` `apr_file_write_full` `apr_shm_destroy` `apr_shm_create` `apr_shm_baseaddr_get` `apr_pool_cleanup_register` `apr_hash_set` `apr_hash_make` `apr_hash_count` `apr_file_lock` `apr_tokenize_to_argv` `apr_pool_userdata_set` `apr_pool_userdata_get` `apr_pstrcat` `apr_array_make` `apr_file_unlock` `apr_pool_cleanup_null` `apr_array_pop` `apr_pstrndup` `apr_hash_next` `apr_hash_this` `apr_hash_first` `apr_pmemdup` `apr_hash_clear` `apr_pstrmemdup` `apr_array_pstrcat` `apr_hash_overlay` `apr_table_make` `apr_table_elts` `apr_strnatcasecmp` `apr_strtok` `apr_table_unset` `apr_rfc822_date` `apr_table_setn` `apr_table_addn` `apr_table_do` `apr_table_add` `apr_generate_random_bytes` `apr_file_info_get` `apr_hash_copy` `apr_file_seek` `apr_dir_read` `apr_dir_open` `apr_dir_close` `apr_file_close` `apr_file_read_full` `apr_proc_mutex_unlock` `apr_temp_dir_get` `apr_proc_mutex_create` `apr_proc_mutex_destroy` `apr_pstrdup` `apr_strerror` `apr_proc_mutex_child_init` `apr_proc_mutex_lock` `apr_palloc` `apr_time_now` `apr_table_set` `apr_table_get` `apr_psprintf` `apr_strnatcmp` `apr_file_mtime_set` `apr_hash_get` `apr_array_push`
libaprutil-1.dll	`apr_base64_encode_len` `apr_base64_encode` `apr_base64_decode` `apr_base64_decode_len` `apr_sha1_update` `apr_bucket_eos_create` `apr_sha1_init` `apr_sha1_final` `apr_bucket_type_eos` `apr_uri_parse` `apr_brigade_create` `apr_bucket_heap_create` `apr_uri_unparse` `apr_bucket_transient_create`
libhttpd.dll	`ap_unescape_url` `ap_auth_name` `ap_getword_nulls` `ap_getword` `ap_auth_type` `ap_register_input_filter` `ap_add_input_filter` `ap_run_http_scheme` `ap_hook_post_config` `ap_set_int_slot` `ap_should_client_block` `ap_hook_check_authn` `ap_set_flag_slot` `ap_hook_handler` `ap_register_auth_provider` `ap_server_root_relative` `ap_get_brigade` `ap_set_string_slot` `ap_hook_insert_filter` `ap_get_exec_line` `ap_is_initial_req` `ap_log_error_` `ap_log_rerror_` `ap_getword_conf` `ap_expr_str_exec` `ap_setup_client_block` `ap_getword_white` `ap_get_client_block` `ap_get_server_name` `ap_set_content_type` `ap_expr_exec` `ap_pass_brigade` `ap_expr_parse_cmd_mi` `ap_hook_child_init`
pcre.dll	`pcre_malloc` `pcre_get_substring` `pcre_compile` `pcre_free` `pcre_free_substring` `pcre_exec`
VCRUNTIME140.dll	`strrchr` `strchr` `__C_specific_handler` `memcpy` `memcmp` `__std_type_info_destroy_list` `memset` `strstr`
api-ms-win-crt-convert-l1-1-0.dll	`strtol` `strtoul`
api-ms-win-crt-filesystem-l1-1-0.dll	`rename`
api-ms-win-crt-string-l1-1-0.dll	`tolower` `toupper` `isdigit` `_stricmp` `strncmp` `isspace` `isalnum` `strncpy` `strcmp`
api-ms-win-crt-stdio-l1-1-0.dll	`__stdio_common_vsprintf` `__stdio_common_vsscanf` `__acrt_iob_func` `__stdio_common_vfprintf`
api-ms-win-crt-heap-l1-1-0.dll	`free` `malloc`
api-ms-win-crt-runtime-l1-1-0.dll	`_execute_onexit_table` `_initialize_onexit_table` `_initialize_narrow_environment` `_getpid` `_cexit` `_configure_narrow_argv` `_seh_filter_dll` `_initterm_e` `_initterm`
api-ms-win-crt-math-l1-1-0.dll	`ceil`

Delayed Imports

auth_openidc_module

Ordinal	`1`
Address	`0x5f0b0`

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2024-Apr-02 21:00:23
Version	`0.0`
SizeofData	`96`
AddressOfRawData	`0x58398`
PointerToRawData	`0x57598`
Referenced File	C:\Apps\vscode\mod_auth_openidc-master\x64\Release\mod_auth_openidc.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2024-Apr-02 21:00:23
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x583f8`
PointerToRawData	`0x575f8`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2024-Apr-02 21:00:23
Version	`0.0`
SizeofData	`600`
AddressOfRawData	`0x5840c`
PointerToRawData	`0x5760c`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2024-Apr-02 21:00:23
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0x138`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x18005f008`

RICH Header

XOR Key	`0x4c66f168`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`14`
Imports (30034)	`2`
Imports (33134)	`6`
Imports (33523)	`8`
253 (28518)	`2`
C++ objects (30034)	`12`
C objects (30034)	`8`
ASM objects (30034)	`4`
Imports (30795)	`5`
Total imports	`334`
C objects (LTCG) (30154)	`24`
Exports (30154)	`1`
Resource objects (30154)	`1`
Linker (30154)	`1`

18a8530bf8b1aadebc415ea28e7a7c54

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

auth_openidc_module

2

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors