easy_Benign_ffb5c91076018d4a14ac596359ea27bb267c56960baacc617c5bdecf5894b311[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

easy_Benign_ffb5c91076018d4a14ac596359ea27bb267c56960baacc617c5bdecf5894b311.dll
Size

20KB
MD5

1003da4a49cd9aca92b3f566ba0b7561
SHA1

d9cfd5db1ff289cd119dc5645bdc026017e6ca89
SHA256

ffb5c91076018d4a14ac596359ea27bb267c56960baacc617c5bdecf5894b311
SHA512

c4509eacfa46b79016ffe3dce50eb6c0c08d0908c9f8318eb3624547c11f8c9f223ae26bd343242b1444f64ee7bcb65f6a6b9e483e84410f39a1adecf6479344
SSDEEP

192:iD0kqvfiC01uJ9gM658ofpvXLLQ2uw0WTYE6cXjyPpwM8o6s6MCEdzGdmy30RDu9:i4QPxvXLLqARHXjVM16zEw09Ts43I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
easy_Benign_ffb5c91076018d4a14ac596359ea27bb267c56960baacc617c5bdecf5894b311.dll

Files

easy_Benign_ffb5c91076018d4a14ac596359ea27bb267c56960baacc617c5bdecf5894b311.dll
.dll windows x64

52c145d46f1423fe0e49ce9a91f41ae1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

postgres.exe

EndCopyFrom
NextCopyFrom
CopyFromErrorCallback
defGetString
defGetBoolean
ExplainPropertyText
ExplainPropertyLong
vacuum_delay_point
GetForeignServer
GetForeignDataWrapper
GetForeignTable
GetForeignColumnOptions
superuser
makeDefElem
clamp_row_est
clauselist_selectivity
BeginCopyFrom
create_foreignscan_path
make_foreignscan
extract_actual_clauses
pull_varattnos
MemoryContextReset
MemoryContextDelete
AllocSetContextCreate
sampler_random_fract
reservoir_init_selection_state
reservoir_get_next_S
error_context_stack
CurrentMemoryContext
newNodeMacroHolder
seq_page_cost
cpu_tuple_cost
ProcessCopyOptions
makeString
ExecStoreVirtualTuple
ExecClearTuple
heap_open
relation_close
untransformRelOptions
appendStringInfo
initStringInfo
bms_first_member
heap_freetuple
heap_form_tuple
list_delete_cell
list_concat
lcons
lappend
pstrdup
pfree
MemoryContextAllocZeroAligned
palloc
elog_finish
elog_start
errhint
errmsg
errcode_for_file_access
errcode
errfinish
errstart
add_path
pgwin32_safestat

msvcr120

__clean_type_info_names_internal
__dllonexit
_calloc_crt
_unlock
_lock
__crtCapturePreviousContext
__crtCaptureCurrentContext
__crtTerminateProcess
__crtUnhandledException
__crt_debugger_hook
__C_specific_handler
_initterm_e
_initterm
_malloc_crt
free
_amsg_exit
__CppXcptFilter
strcmp
_onexit

kernel32

GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
DisableThreadLibraryCalls

Exports

Exports

Pg_magic_func
file_fdw_handler
file_fdw_validator
pg_finfo_file_fdw_handler
pg_finfo_file_fdw_validator

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

52c145d46f1423fe0e49ce9a91f41ae1

Headers

DLL Characteristics

File Characteristics

Imports

postgres.exe

msvcr120

kernel32

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 732B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 40B

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 732B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 40B