133e6a8ebf55b145eba1904b3a2b2c4e467965604a226c78984caf1dd64eecad

Sharing

Copy URL

Twitter E-mail

General

Target

133e6a8ebf55b145eba1904b3a2b2c4e467965604a226c78984caf1dd64eecad
Size

47KB
MD5

5df2d8fa36e1930ab978e1e7ced335a2
SHA1

72ed3afc7a3f6553453f5d3559869a2fc6f7679b
SHA256

133e6a8ebf55b145eba1904b3a2b2c4e467965604a226c78984caf1dd64eecad
SHA512

f13f84bdbaa183a40e91352680e3fa17b26b5913e895fe0f534efd12d8c1d05157834dee786f2bacd5c117c8946cd5d107ca0b2c7ebff0dac1bb479b4dfb33e5
SSDEEP

768:Tyd0sfmYxOdVV+WVehK0M+70GAhgAgnh2YNuXh2544iuTlEP:TjBYxODMyIK0M+7pHEYNuXh25FlEP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
133e6a8ebf55b145eba1904b3a2b2c4e467965604a226c78984caf1dd64eecad

Files

133e6a8ebf55b145eba1904b3a2b2c4e467965604a226c78984caf1dd64eecad
.dll windows:6 windows x64 arch:x64

0f43adbfc94c9dfed493de9605befcb2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Dev\work\NetVision\Dev\Install\Scripts\InnoSetup_MULTI\ProgramDir\PgBuild\postgresql\Release\_int\_int.pdb

Imports

postgres.exe

pg_number_of_ones
pg_popcount
construct_empty_array
palloc0
qsort_arg
free_attstatsslot
get_attstatsslot
get_restriction_variable
arraycontjoinsel
arraycontsel
DirectFunctionCall5Coll
DirectFunctionCall4Coll
pg_detoast_datum_packed
DirectFunctionCall3Coll
pg_qsort
ArrayGetNItems
array_contains_nulls
DirectFunctionCall2Coll
pg_detoast_datum_copy
pg_detoast_datum
check_stack_depth
pfree
repalloc
palloc
elog_finish
elog_start
errmsg
errcode
errfinish
errstart
pg_sprintf

msvcr120

__clean_type_info_names_internal
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
__C_specific_handler
_initterm_e
_initterm
_malloc_crt
free
_amsg_exit
__CppXcptFilter
__crtCapturePreviousContext
__crtCaptureCurrentContext
__crtTerminateProcess
__crtUnhandledException
__crt_debugger_hook
memset
bsearch
memcpy
_errno
strtol
strchr
memmove

kernel32

DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
DecodePointer
EncodePointer
IsProcessorFeaturePresent
IsDebuggerPresent

Exports

Exports

Pg_magic_func
_int_contained
_int_contained_joinsel
_int_contained_sel
_int_contains
_int_contains_joinsel
_int_contains_sel
_int_different
_int_inter
_int_matchsel
_int_overlap
_int_overlap_joinsel
_int_overlap_sel
_int_same
_int_union
_int_unique
_intbig_in
_intbig_out
boolop
bqarr_in
bqarr_out
compASC
compDESC
copy_intArrayType
execconsistent
g_int_compress
g_int_consistent
g_int_decompress
g_int_penalty
g_int_picksplit
g_int_same
g_int_union
g_intbig_compress
g_intbig_consistent
g_intbig_decompress
g_intbig_penalty
g_intbig_picksplit
g_intbig_same
g_intbig_union
gensign
gin_bool_consistent
ginint4_consistent
ginint4_queryextract
icount
idx
inner_int_contains
inner_int_inter
inner_int_overlap
inner_int_union
int_to_intset
intarray_add_elem
intarray_concat_arrays
intarray_del_elem
intarray_match_first
intarray_push_array
intarray_push_elem
internal_size
intset
intset_subtract
intset_union_elem
isort
new_intArrayType
pg_finfo__int_contained
pg_finfo__int_contained_joinsel
pg_finfo__int_contained_sel
pg_finfo__int_contains
pg_finfo__int_contains_joinsel
pg_finfo__int_contains_sel
pg_finfo__int_different
pg_finfo__int_inter
pg_finfo__int_matchsel
pg_finfo__int_overlap
pg_finfo__int_overlap_joinsel
pg_finfo__int_overlap_sel
pg_finfo__int_same
pg_finfo__int_union
pg_finfo__intbig_in
pg_finfo__intbig_out
pg_finfo_boolop
pg_finfo_bqarr_in
pg_finfo_bqarr_out
pg_finfo_g_int_compress
pg_finfo_g_int_consistent
pg_finfo_g_int_decompress
pg_finfo_g_int_penalty
pg_finfo_g_int_picksplit
pg_finfo_g_int_same
pg_finfo_g_int_union
pg_finfo_g_intbig_compress
pg_finfo_g_intbig_consistent
pg_finfo_g_intbig_decompress
pg_finfo_g_intbig_penalty
pg_finfo_g_intbig_picksplit
pg_finfo_g_intbig_same
pg_finfo_g_intbig_union
pg_finfo_ginint4_consistent
pg_finfo_ginint4_queryextract
pg_finfo_icount
pg_finfo_idx
pg_finfo_intarray_del_elem
pg_finfo_intarray_push_array
pg_finfo_intarray_push_elem
pg_finfo_intset
pg_finfo_intset_subtract
pg_finfo_intset_union_elem
pg_finfo_querytree
pg_finfo_rboolop
pg_finfo_sort
pg_finfo_sort_asc
pg_finfo_sort_desc
pg_finfo_subarray
pg_finfo_uniq
query_has_required_values
querytree
rboolop
resize_intArrayType
rt__int_size
signconsistent
sort
sort_asc
sort_desc
subarray
uniq

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0f43adbfc94c9dfed493de9605befcb2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

postgres.exe

msvcr120

kernel32

Exports

Exports

Sections

.text Size: 31KB - Virtual size: 31KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 20B

.text
Size: 31KB - Virtual size: 31KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 20B