6e483ce8fdef2706d47ebcdebf9817379b293816b6823b5c6b1ed85f22097afe

General

Target

6e483ce8fdef2706d47ebcdebf9817379b293816b6823b5c6b1ed85f22097afe
Size

9KB
MD5

ba7d796171582f8bdbb056158bcc4a72
SHA1

388beaf57c1ffff3dc2f50ce3e4a0b98eeb5bd6c
SHA256

6e483ce8fdef2706d47ebcdebf9817379b293816b6823b5c6b1ed85f22097afe
SHA512

2a5c219527eb32e1402fa45ba2aed13511d7da278b43b2596ba93b22211b228088f09322952a7fb07ef0493e1abc6eb4b1a31f04cb847bd3a4aef48f875a16bc
SSDEEP

96:ESh7BlN/bWC+UyJEEGe1W2Qorl3I8hSWd7J+mT9cGm1b4pCs3XBg+gfHinfRzx:p7Bf/bjY++1pBV3d7Zq/9s3XXgi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6e483ce8fdef2706d47ebcdebf9817379b293816b6823b5c6b1ed85f22097afe

Files

6e483ce8fdef2706d47ebcdebf9817379b293816b6823b5c6b1ed85f22097afe
.dll windows:6 windows x64 arch:x64

1dacd47488cfc1482a76c6bd27c77433

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Dev\work\NetVision\Dev\Install\Scripts\InnoSetup_MULTI\ProgramDir\PgBuild\postgresql\Release\passwordcheck\passwordcheck.pdb

Imports

postgres.exe

check_password_hook
plain_crypt_verify
errmsg
errcode
errfinish
errstart

msvcr120

isalpha
__CppXcptFilter
_amsg_exit
free
strstr
_initterm
_initterm_e
__C_specific_handler
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
__clean_type_info_names_internal
_malloc_crt

kernel32

DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
DecodePointer
EncodePointer

Exports

Exports

Pg_magic_func
_PG_fini
_PG_init

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1dacd47488cfc1482a76c6bd27c77433

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

postgres.exe

msvcr120

kernel32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 96B

.pdata Size: 512B - Virtual size: 228B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 16B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 96B

.pdata
Size: 512B - Virtual size: 228B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 16B