Architecture |
IMAGE_FILE_MACHINE_AMD64
|
---|---|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
Compilation Date | 2024-Apr-02 21:00:23 |
Detected languages |
English - United States
|
Debug artifacts |
C:\Apps\vscode\mod_auth_openidc-master\x64\Release\mod_auth_openidc.pdb
|
Info | Interesting strings found in the binary: |
Contains domain names:
|
Info | Libraries used to perform cryptographic operations: | Microsoft's Cryptography API |
Suspicious | The PE contains functions most legitimate programs don't use. |
Uses Microsoft's cryptographic API:
|
Suspicious | No VirusTotal score. | This file has never been scanned on VirusTotal. |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x118 |
Signature | PE |
---|---|
Machine |
IMAGE_FILE_MACHINE_AMD64
|
NumberofSections | 6 |
TimeDateStamp | 2024-Apr-02 21:00:23 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics |
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
|
Magic | PE32+ |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0x40e00 |
SizeOfInitializedData | 0x20400 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x000000000004124C (Section: .text) |
BaseOfCode | 0x1000 |
ImageBase | 0x180000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.0 |
ImageVersion | 0.0 |
SubsystemVersion | 6.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x65000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
|
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll |
SearchPathA
RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind UnhandledExceptionFilter SetUnhandledExceptionFilter GetCurrentProcess IsDebuggerPresent InitializeSListHead DisableThreadLibraryCalls GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter IsProcessorFeaturePresent TerminateProcess |
---|---|
WS2_32.dll |
htonl
|
libcrypto-3-x64.dll |
EVP_aes_192_cbc
AES_wrap_key EVP_sha512 EVP_CIPHER_get_block_size EVP_CIPHER_CTX_ctrl EVP_aes_256_gcm EVP_EncryptUpdate EVP_CIPHER_CTX_reset AES_set_decrypt_key EVP_CIPHER_CTX_free EVP_EncryptFinal_ex ECDSA_do_sign BN_num_bits OBJ_sn2nid EVP_aes_128_cbc EC_KEY_set_private_key RSA_private_decrypt EVP_DecryptInit_ex EVP_PKEY_CTX_free EVP_PKEY_new EC_POINT_mul RSA_new EVP_PKEY_get_utf8_string_param X509_get_pubkey BIO_new i2d_X509 EVP_PKEY_get_base_id BN_clear_free BIO_ctrl AES_set_encrypt_key EVP_EncryptInit_ex PEM_write_bio_X509 AES_unwrap_key EVP_DecryptFinal_ex EVP_DecryptUpdate BN_bn2bin EVP_sha384 EVP_aes_256_cbc EVP_CIPHER_CTX_new EVP_DigestFinal_ex ECDSA_SIG_new RSA_padding_add_PKCS1_PSS EVP_DigestFinal ECDSA_do_verify EVP_MD_get_size ECDSA_SIG_set0 HMAC_CTX_new HMAC_Update ECDSA_SIG_free RSA_verify RSA_public_encrypt RSA_sign HMAC_Init_ex RSA_private_encrypt HMAC_CTX_free ECDSA_SIG_get0 RSA_public_decrypt EVP_MD_CTX_new PEM_read_bio_X509_AUX PEM_read_bio RSA_verify_PKCS1_PSS HMAC_Final EVP_get_digestbyname OPENSSL_init_crypto EVP_MD_CTX_reset ERR_get_error PEM_read_bio_PUBKEY EVP_DigestUpdate BIO_s_mem BIO_s_file PEM_read_bio_PrivateKey CRYPTO_free EVP_MD_CTX_free EVP_DigestInit_ex ERR_error_string EVP_PKEY_free BIO_free EVP_EncodeBlock BIO_puts EVP_PKEY_get_bn_param X509_free EVP_PKEY_set1_EC_KEY BN_bin2bn EC_KEY_new_by_curve_name RSA_set0_key EVP_PKEY_CTX_new EC_KEY_get0_group RSA_get0_crt_params RSA_get0_factors EC_KEY_get0_private_key BN_new RSA_size EC_POINT_set_affine_coordinates_GFp EVP_PKEY_derive EVP_PKEY_derive_init RSA_set0_factors RAND_bytes EC_POINT_new EC_KEY_get0_public_key HMAC EC_KEY_free EC_POINT_free RSA_get0_key BN_is_zero BN_free EVP_sha256 EC_KEY_set_public_key EC_POINT_get_affine_coordinates_GFp EVP_PKEY_derive_set_peer RSA_free RSA_set0_crt_params EC_KEY_generate_key |
libcurl.dll |
curl_global_init
curl_global_cleanup curl_easy_unescape curl_easy_getinfo curl_easy_init curl_slist_append curl_free curl_slist_free_all curl_easy_cleanup curl_easy_setopt curl_easy_perform curl_easy_escape |
jansson.dll |
json_integer
json_object_del json_real_value json_dumps json_delete json_loads json_string json_deep_copy json_array_append_new json_array json_number_value json_object_iter_value json_string_value json_object_iter_next json_array_get json_object_iter_key json_object_iter json_array_size json_integer_value json_object_get json_pack json_stringn json_loadb json_object json_object_set_new |
libapr-1.dll |
apr_file_open
apr_file_remove apr_file_trunc apr_stat apr_file_write_full apr_shm_destroy apr_shm_create apr_shm_baseaddr_get apr_pool_cleanup_register apr_hash_set apr_hash_make apr_hash_count apr_file_lock apr_tokenize_to_argv apr_pool_userdata_set apr_pool_userdata_get apr_pstrcat apr_array_make apr_file_unlock apr_pool_cleanup_null apr_array_pop apr_pstrndup apr_hash_next apr_hash_this apr_hash_first apr_pmemdup apr_hash_clear apr_pstrmemdup apr_array_pstrcat apr_hash_overlay apr_table_make apr_table_elts apr_strnatcasecmp apr_strtok apr_table_unset apr_rfc822_date apr_table_setn apr_table_addn apr_table_do apr_table_add apr_generate_random_bytes apr_file_info_get apr_hash_copy apr_file_seek apr_dir_read apr_dir_open apr_dir_close apr_file_close apr_file_read_full apr_proc_mutex_unlock apr_temp_dir_get apr_proc_mutex_create apr_proc_mutex_destroy apr_pstrdup apr_strerror apr_proc_mutex_child_init apr_proc_mutex_lock apr_palloc apr_time_now apr_table_set apr_table_get apr_psprintf apr_strnatcmp apr_file_mtime_set apr_hash_get apr_array_push |
libaprutil-1.dll |
apr_base64_encode_len
apr_base64_encode apr_base64_decode apr_base64_decode_len apr_sha1_update apr_bucket_eos_create apr_sha1_init apr_sha1_final apr_bucket_type_eos apr_uri_parse apr_brigade_create apr_bucket_heap_create apr_uri_unparse apr_bucket_transient_create |
libhttpd.dll |
ap_unescape_url
ap_auth_name ap_getword_nulls ap_getword ap_auth_type ap_register_input_filter ap_add_input_filter ap_run_http_scheme ap_hook_post_config ap_set_int_slot ap_should_client_block ap_hook_check_authn ap_set_flag_slot ap_hook_handler ap_register_auth_provider ap_server_root_relative ap_get_brigade ap_set_string_slot ap_hook_insert_filter ap_get_exec_line ap_is_initial_req ap_log_error_ ap_log_rerror_ ap_getword_conf ap_expr_str_exec ap_setup_client_block ap_getword_white ap_get_client_block ap_get_server_name ap_set_content_type ap_expr_exec ap_pass_brigade ap_expr_parse_cmd_mi ap_hook_child_init |
pcre.dll |
pcre_malloc
pcre_get_substring pcre_compile pcre_free pcre_free_substring pcre_exec |
VCRUNTIME140.dll |
strrchr
strchr __C_specific_handler memcpy memcmp __std_type_info_destroy_list memset strstr |
api-ms-win-crt-convert-l1-1-0.dll |
strtol
strtoul |
api-ms-win-crt-filesystem-l1-1-0.dll |
rename
|
api-ms-win-crt-string-l1-1-0.dll |
tolower
toupper isdigit _stricmp strncmp isspace isalnum strncpy strcmp |
api-ms-win-crt-stdio-l1-1-0.dll |
__stdio_common_vsprintf
__stdio_common_vsscanf __acrt_iob_func __stdio_common_vfprintf |
api-ms-win-crt-heap-l1-1-0.dll |
free
malloc |
api-ms-win-crt-runtime-l1-1-0.dll |
_execute_onexit_table
_initialize_onexit_table _initialize_narrow_environment _getpid _cexit _configure_narrow_argv _seh_filter_dll _initterm_e _initterm |
api-ms-win-crt-math-l1-1-0.dll |
ceil
|
Ordinal | 1 |
---|---|
Address | 0x5f0b0 |
Characteristics |
0
|
---|---|
TimeDateStamp | 2024-Apr-02 21:00:23 |
Version | 0.0 |
SizeofData | 96 |
AddressOfRawData | 0x58398 |
PointerToRawData | 0x57598 |
Referenced File | C:\Apps\vscode\mod_auth_openidc-master\x64\Release\mod_auth_openidc.pdb |
Characteristics |
0
|
---|---|
TimeDateStamp | 2024-Apr-02 21:00:23 |
Version | 0.0 |
SizeofData | 20 |
AddressOfRawData | 0x583f8 |
PointerToRawData | 0x575f8 |
Characteristics |
0
|
---|---|
TimeDateStamp | 2024-Apr-02 21:00:23 |
Version | 0.0 |
SizeofData | 600 |
AddressOfRawData | 0x5840c |
PointerToRawData | 0x5760c |
Characteristics |
0
|
---|---|
TimeDateStamp | 2024-Apr-02 21:00:23 |
Version | 0.0 |
SizeofData | 0 |
AddressOfRawData | 0 |
PointerToRawData | 0 |
Size | 0x138 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x18005f008 |
XOR Key | 0x4c66f168 |
---|---|
Unmarked objects | 0 |
Imports (VS2008 SP1 build 30729) | 14 |
Imports (30034) | 2 |
Imports (33134) | 6 |
Imports (33523) | 8 |
253 (28518) | 2 |
C++ objects (30034) | 12 |
C objects (30034) | 8 |
ASM objects (30034) | 4 |
Imports (30795) | 5 |
Total imports | 334 |
C objects (LTCG) (30154) | 24 |
Exports (30154) | 1 |
Resource objects (30154) | 1 |
Linker (30154) | 1 |