MalwareMustDie

Darkleech Module - import module + symbols used

Mar 24th, 2013
  1. // imports (functions the module pulls in from other libraries):
  2.  
  3. $ rabin2 -i ./mod_sec2_config.so | cut -d" " -f7 | cut -c6- | sort
  4. [Imports]
  5.  
  6. 67 imports
  7. _Jv_RegisterClasses
  8. __ctype_b_loc
  9. __ctype_tolower_loc
  10. __ctype_toupper_loc
  11. __cxa_finalize
  12. __fprintf_chk
  13. __gmon_start__
  14. __memcpy_chk
  15. __snprintf_chk
  16. __sprintf_chk
  17. __stack_chk_fail
  18. __strtol_internal
  19. __xstat
  20. ap_add_output_filter
  21. ap_hook_insert_filter
  22. ap_md5
  23. ap_pass_brigade
  24. ap_register_output_filter
  25. ap_set_flag_slot
  26. apr_brigade_cleanup   // apr_* = Apache Portable Runtime (APR); the ap_* imports above are the Apache httpd API (output-filter registration)
  27. apr_brigade_create
  28. apr_bucket_alloc
  29. apr_bucket_eos_create
  30. apr_bucket_free
  31. apr_bucket_heap_create
  32. apr_bucket_type_eos
  33. apr_file_close
  34. apr_file_open
  35. apr_palloc
  36. apr_table_add
  37. apr_table_get
  38. ceil
  39. close
  40. connect
  41. fclose
  42. fgets
  43. fopen
  44. fread
  45. gethostbyname
  46. getpwnam
  47. gettimeofday
  48. gmtime
  49. inet_ntoa
  50. malloc
  51. memcpy
  52. memset
  53. open
  54. opendir
  55. rand
  56. read
  57. readdir
  58. recv
  59. remove
  60. send
  61. snprintf
  62. socket
  63. srand
  64. strchr
  65. strcmp
  66. strftime
  67. strlen
  68. strncpy
  69. strspn
  70. strstr
  71. strtok
  72. time
  73. uname
  74.  
  75.  
  76.  
  77. // symbols...
  78.  
  79. $ rabin2 -s ./mod_sec2_config.so | cut -d" " -f8 | cut -c6- | sort
  80. [Symbols]
  81.  
  82. 163 symbols
  83. ARRAY_BAN_LOCAL_IP
  84. ARRAY_BAN_PROC
  85. ARRAY_BAN_USERAGENT
  86. ARRAY_BLACKLIST_URI
  87. ARRAY_SE_REFERER
  88. ARRAY_SUDOERS
  89. ARRAY_TAGS_FOR_INJECT
  90. CC_HOST
  91. CC_REQUEST_FORMAT
  92. CC_URI
  93. CLIENT_IP
  94. C_ARRAY_BAN_LOCAL_IP
  95. C_ARRAY_BAN_PROC
  96. C_ARRAY_BAN_USERAGENT
  97. C_ARRAY_BLACKLIST_URI
  98. C_ARRAY_SE_REFERER
  99. C_ARRAY_SUDOERS
  100. C_ARRAY_TAGS_FOR_INJECT
  101. C_CC_HOST
  102. C_CC_REQUEST_FORMAT
  103. C_CC_URI
  104. C_KEY_COOKIE_NAME
  105. C_LIST_PREF
  106. C_MARKER_LEFT
  107. C_MARKER_RIGHT
  108. C_MODULE_VERSION
  109. C_STRING_1
  110. C_STRING_10
  111. C_STRING_11
  112. C_STRING_12
  113. C_STRING_13
  114. C_STRING_14
  115. C_STRING_15
  116. C_STRING_16
  117. C_STRING_17
  118. C_STRING_18
  119. C_STRING_19
  120. C_STRING_2
  121. C_STRING_20
  122. C_STRING_21
  123. C_STRING_22
  124. C_STRING_23
  125. C_STRING_24
  126. C_STRING_25
  127. C_STRING_26
  128. C_STRING_27
  129. C_STRING_28
  130. C_STRING_29
  131. C_STRING_3
  132. C_STRING_30
  133. C_STRING_31
  134. C_STRING_32
  135. C_STRING_33
  136. C_STRING_34
  137. C_STRING_35
  138. C_STRING_4
  139. C_STRING_5
  140. C_STRING_6
  141. C_STRING_7
  142. C_STRING_8
  143. C_STRING_9
  144. C_TMP_DIR
  145. FILENAME_UPDATING
  146. FILTER
  147. GEN_FILENAME_INJECT
  148. GEN_FILENAME_SESSION
  149. GEN_FILENAME_WAITLIST
  150. KEY_CLIENT
  151. KEY_COOKIE_NAME
  152. KEY_XOR
  153. LIST_PREF
  154. MARKER_LEFT
  155. MARKER_RIGHT
  156. MODULE_VERSION
  157. SIZE_ARRAY_BAN_PROC
  158. SIZE_ARRAY_BAN_USERAGENT
  159. SIZE_ARRAY_BLACKLIST_URI
  160. SIZE_ARRAY_SE_REFERER
  161. SIZE_ARRAY_SUDOERS
  162. SIZE_ARRAY_TAGS_FOR_INJECT
  163. STRING_1
  164. STRING_10
  165. STRING_11
  166. STRING_12
  167. STRING_13
  168. STRING_14
  169. STRING_15
  170. STRING_16
  171. STRING_17
  172. STRING_18
  173. STRING_19
  174. STRING_2
  175. STRING_20
  176. STRING_21
  177. STRING_22
  178. STRING_23
  179. STRING_24
  180. STRING_25
  181. STRING_26
  182. STRING_27
  183. STRING_28
  184. STRING_29
  185. STRING_3
  186. STRING_30
  187. STRING_31
  188. STRING_32
  189. STRING_33
  190. STRING_34
  191. STRING_35
  192. STRING_4
  193. STRING_5
  194. STRING_6
  195. STRING_7
  196. STRING_8
  197. STRING_9
  198. TMP_DIR
  199. _ADD_TO_BLACKLIST
  200. _ADD_TO_WAITLIST
  201. _CHECK_BLACKLIST
  202. _CHECK_BOT_USERAGENT
  203. _CHECK_JS
  204. _CHECK_LOCAL_IP
  205. _CHECK_PROC
  206. _CHECK_RAW_COOKIE
  207. _CHECK_REFERER_IS_HOST
  208. _CHECK_REFERER_IS_SEO
  209. _CHECK_SITE_ADMIN
  210. _CHECK_SITE_KERNEL
  211. _CHECK_UTMP
  212. _CHECK_WAITLIST
  213. _GEN_FILENAME_BLACKLIST
  214. _INJECT_DO
  215. _INJECT_LOAD
  216. _INJECT_SAVE
  217. _INJECT_SKIP
  218. _INJECT_UPDATE
  219. _IS_SUDOER
  220. _SESSION_DELETE
  221. _SESSION_KEYGEN
  222. _SESSION_LOAD
  223. _SESSION_SAVE
  224. _SET_COOKIE_KEY
  225. __bss_start
  226. _edata
  227. _end
  228. _fini
  229. _init
  230. base64decode
  231. base64encode
  232. explode
  233. filesize
  234. from_hex
  235. ip2long
  236. max
  237. min
  238. rtrim
  239. sec2_config_module
  240. stristr
  241. to_hex
  242. urlencode
  243. xor_decrypt_string
  244. xor_encrypt
  245. xor_encrypt_string
  246.  
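  247. // ↑ some user agents / URIs / referers / local IPs seem to be checked/banned (cf. the ARRAY_BAN_*, ARRAY_BLACKLIST_URI, ARRAY_SE_REFERER and _CHECK_* symbols; inferred from symbol names only)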