Advertisement
eromang

Linux/Chapro.A Apache malicious module

Dec 19th, 2012
1,099
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.12 KB | None | 0 0
  1. !O<m
  2. Y)oT
  3. =KghA\
  4. E9w0
  5. ~mmy
  6. __gmon_start__
  7. _init
  8. _fini
  9. __cxa_finalize
  10. _Jv_RegisterClasses
  11. to_hex
  12. _CHECK_RAW_COOKIE
  13. KEY_CLIENT
  14. _CHECK_LOCAL_IP
  15. _CHECK_SITE_KERNEL
  16. ap_hook_insert_filter
  17. ap_register_output_filter
  18. rtrim
  19. strlen
  20. _CHECK_REFERER_IS_HOST
  21. FILTER
  22. apr_table_get
  23. strstr
  24. xor_decrypt_string
  25. apr_palloc
  26. xor_encrypt_string
  27. xor_encrypt
  28. _GEN_FILENAME_BLACKLIST
  29. ap_md5
  30. __snprintf_chk
  31. ap_add_output_filter
  32. _CHECK_REFERER_IS_SEO
  33. SIZE_ARRAY_SE_REFERER
  34. __ctype_toupper_loc
  35. _CHECK_BOT_USERAGENT
  36. SIZE_ARRAY_BAN_USERAGENT
  37. stristr
  38. _ADD_TO_BLACKLIST
  39. fopen
  40. fclose
  41. _CHECK_SITE_ADMIN
  42. SIZE_ARRAY_BLACKLIST_URI
  43. CLIENT_IP
  44. _CHECK_PROC
  45. opendir
  46. readdir
  47. strspn
  48. memset
  49. fgets
  50. SIZE_ARRAY_BAN_PROC
  51. __stack_chk_fail
  52. _IS_SUDOER
  53. SIZE_ARRAY_SUDOERS
  54. strcmp
  55. _CHECK_UTMP
  56. inet_ntoa
  57. getpwnam
  58. __xstat
  59. _CHECK_BLACKLIST
  60. apr_file_open
  61. apr_file_close
  62. _ADD_TO_WAITLIST
  63. GEN_FILENAME_WAITLIST
  64. __fprintf_chk
  65. _SESSION_DELETE
  66. GEN_FILENAME_SESSION
  67. remove
  68. _SESSION_KEYGEN
  69. gettimeofday
  70. srand
  71. _SET_COOKIE_KEY
  72. gmtime
  73. strftime
  74. apr_table_add
  75. explode
  76. strchr
  77. strncpy
  78. base64encode
  79. ceil
  80. malloc
  81. _INJECT_SAVE
  82. GEN_FILENAME_INJECT
  83. _SESSION_SAVE
  84. ip2long
  85. strtok
  86. urlencode
  87. __ctype_b_loc
  88. from_hex
  89. __ctype_tolower_loc
  90. base64decode
  91. _INJECT_SKIP
  92. apr_bucket_type_eos
  93. apr_bucket_alloc
  94. memcpy
  95. apr_bucket_free
  96. apr_bucket_heap_create
  97. apr_bucket_eos_create
  98. _SESSION_LOAD
  99. __strtol_internal
  100. _INJECT_UPDATE
  101. FILENAME_UPDATING
  102. socket
  103. snprintf
  104. gethostbyname
  105. connect
  106. uname
  107. send
  108. recv
  109. _CHECK_WAITLIST
  110. filesize
  111. _INJECT_LOAD
  112. fread
  113. __memcpy_chk
  114. _INJECT_DO
  115. SIZE_ARRAY_TAGS_FOR_INJECT
  116. __sprintf_chk
  117. KEY_XOR
  118. C_MODULE_VERSION
  119. C_CC_HOST
  120. C_CC_URI
  121. C_CC_REQUEST_FORMAT
  122. C_MARKER_LEFT
  123. C_MARKER_RIGHT
  124. C_TMP_DIR
  125. C_LIST_PREF
  126. C_KEY_COOKIE_NAME
  127. C_ARRAY_TAGS_FOR_INJECT
  128. C_ARRAY_BAN_USERAGENT
  129. C_ARRAY_BLACKLIST_URI
  130. C_ARRAY_SE_REFERER
  131. C_ARRAY_SUDOERS
  132. C_ARRAY_BAN_PROC
  133. C_STRING_1
  134. C_STRING_2
  135. C_STRING_3
  136. C_STRING_4
  137. C_STRING_5
  138. C_STRING_6
  139. C_STRING_7
  140. C_STRING_8
  141. C_STRING_9
  142. C_STRING_10
  143. C_STRING_11
  144. C_STRING_12
  145. C_STRING_13
  146. C_STRING_14
  147. C_STRING_16
  148. C_STRING_17
  149. C_STRING_18
  150. C_STRING_19
  151. C_STRING_20
  152. C_STRING_21
  153. C_STRING_22
  154. C_STRING_23
  155. C_STRING_15
  156. C_STRING_24
  157. C_STRING_25
  158. C_STRING_26
  159. C_STRING_27
  160. C_STRING_28
  161. C_STRING_29
  162. C_STRING_30
  163. C_STRING_31
  164. C_STRING_32
  165. C_STRING_33
  166. C_STRING_34
  167. C_ARRAY_BAN_LOCAL_IP
  168. apr_brigade_create
  169. apr_brigade_cleanup
  170. ap_pass_brigade
  171. chart_proxy_module
  172. ap_set_flag_slot
  173. libm.so.6
  174. libc.so.6
  175. _edata
  176. __bss_start
  177. _end
  178. mod_chart_proxy.so
  179. GLIBC_2.2.5
  180. GLIBC_2.4
  181. GLIBC_2.3
  182. GLIBC_2.3.4
  183. %
  184. J
  185. %zI
  186. %rI
  187. %jI
  188. %bI
  189. %ZI
  190. %RI
  191. %JI
  192. %BI
  193. %:I
  194. %2I
  195. %*I
  196. %"I
  197. %zH
  198. %rH
  199. %jH
  200. %bH
  201. %ZH
  202. %RH
  203. %JH
  204. %BH
  205. %:H
  206. %2H
  207. %*H
  208. %"H
  209. %zG
  210. %rG
  211. %jG
  212. %bG
  213. %ZG
  214. %RG
  215. %JG
  216. %BG
  217. %:G
  218. %2G
  219. ATSubH
  220. %l>
  221. ='>
  222. x8Hc
  223. []A\A]
  224. []A\A]
  225. l$ H
  226. AWAVAUATUSH
  227. D9<$u
  228. []A\A]A^A_
  229. []A\A]A^A_
  230. AWAVAUATUSH
  231. []A\A]A^A_
  232. D9<$u
  233. AWAVAUATUSH
  234. D9<$u
  235. []A\A]A^A_
  236. AWAVAUATUSH
  237. []A\A]A^A_
  238. ATUSH
  239. []A\A]
  240. []A\A]
  241. H+D$XH=+
  242. []A\
  243. \$ L
  244. ->6
  245. AVAUATUSH
  246. HcD$
  247. D;|$
  248. []A\A]A^A_
  249. ATUH
  250. VUUU
  251. []A\L
  252. d$ H
  253. []A\
  254. AVE1
  255. AUATI
  256. []A\A]L
  257. l$ L
  258. d$(L
  259. l$0L
  260. t$8L
  261. |$@H
  262. )l$
  263. H
  264. D$
  265. H
  266. D$
  267. H
  268. AWAVAUL
  269. ATUSH
  270. ==-
  271. D$ H
  272. t$ H
  273. ([]A\A]A^A_
  274. T$
  275. H
  276. HcT$
  277. H
  278. []A\
  279. T$ H
  280. t$<H
  281. L$<H
  282. |$ H
  283. L$<H
  284. |$(H
  285. T$ H
  286. L$<H
  287. \$<H
  288. |$ H
  289. |$(H
  290. t$@H
  291. D$0H
  292. D$(1
  293. T$(dH3
  294. \$0H
  295. l$8L
  296. d$@L
  297. l$HL
  298. t$PH
  299. AUATUSH
  300. T$ H9
  301. D$0I
  302. T$0H
  303. T$ H
  304. T$81
  305. t$@H
  306. T$8H
  307. T$81
  308. t$@H
  309. T$8L
  310. |$8E1
  311. T$81
  312. T$8L
  313. l$8H
  314. L$0I
  315. T$0H
  316. L$0H
  317. |$8H
  318. T$8H
  319. T$8I
  320. <,H)
  321. []A\A]A^A_
  322. []A\A]A^A_
  323. AWAVAUATUSH
  324. D$81
  325. l$ H
  326. T$8dH3
  327. H[]A\A]A^A_
  328. /var/run/utmp
  329. /dev/
  330. mod_chart_proxy.c
  331. dlEngine
  332. dl module switcher
  333. ?456789:;<=
  334. !"#$%&'()*+,-./0123
  335. ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
  336. 0123456789abcdef
  337. 22PA
  338. GCC: (GNU) 4.1.2 20080704 (Red Hat 4.1.2-51)
  339. GCC: (GNU) 4.1.2 20080704 (Red Hat 4.1.2-51)
  340. GCC: (GNU) 4.1.2 20080704 (Red Hat 4.1.2-51)
  341. GCC: (GNU) 4.1.2 20080704 (Red Hat 4.1.2-51)
  342. GCC: (GNU) 4.1.2 20080704 (Red Hat 4.1.2-51)
  343. .shstrtab
  344. .gnu.hash
  345. .dynsym
  346. .dynstr
  347. .gnu.version
  348. .gnu.version_r
  349. .rela.dyn
  350. .rela.plt
  351. .init
  352. .text
  353. .fini
  354. .rodata
  355. .eh_frame_hdr
  356. .eh_frame
  357. .ctors
  358. .dtors
  359. .jcr
  360. .data.rel.ro
  361. .dynamic
  362. .got
  363. .got.plt
  364. .data
  365. .bss
  366. .comment
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement