e884efdc03a394b55a359e5ae4ebefd43aec692ee02cf1928cbbf2346dad1e53

Sharing

Copy URL Twitter E-mail

General

Target

e884efdc03a394b55a359e5ae4ebefd43aec692ee02cf1928cbbf2346dad1e53
Size

11KB
MD5

edcb7fe0d3d2caaef654c87ab6cd19d9
SHA1

f17889bdb93cea560a79beb1605e3199abd96579
SHA256

e884efdc03a394b55a359e5ae4ebefd43aec692ee02cf1928cbbf2346dad1e53
SHA512

c9d768b5a51942145b66ee1b81ca1be19132cb3b875b0bd9267a2df37d831552dcf7d883c205ac8d0774c3554b2ac1a6c6acbbb7417130d47ebb8c9b209eb5bd
SSDEEP

192:PfaNXXmO164VdB5tymprALM7igmaqcGya3XcX5V1VMEb6eDO:PfSXz1Jd7tNwM7igmNzsX71GEeeDO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e884efdc03a394b55a359e5ae4ebefd43aec692ee02cf1928cbbf2346dad1e53

Files

e884efdc03a394b55a359e5ae4ebefd43aec692ee02cf1928cbbf2346dad1e53
.dll windows:6 windows x64 arch:x64

36365cfa1b3b3d51f4f3952df82a2be1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Dev\work\NetVision\Dev\Install\Scripts\InnoSetup_MULTI\ProgramDir\PgBuild\postgresql\Release\tsm_system_rows\tsm_system_rows.pdb

Imports

postgres.exe

InterruptPending
newNodeMacroHolder
CurrentMemoryContext
pg_signal_mask
pg_signal_queue
sampler_random_fract
sampler_random_init_state
estimate_expression_value
clamp_row_est
ProcessInterrupts
lcons_oid
palloc0
MemoryContextAllocZeroAligned
errmsg
errcode
errfinish
errstart
pgwin32_dispatch_queued_signals

msvcr120

__clean_type_info_names_internal
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
__crtCapturePreviousContext
__crtCaptureCurrentContext
__CppXcptFilter
_amsg_exit
free
_malloc_crt
_initterm
_initterm_e
__C_specific_handler
__crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess

kernel32

DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer

Exports

Exports

Pg_magic_func
pg_finfo_tsm_system_rows_handler
tsm_system_rows_handler

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36365cfa1b3b3d51f4f3952df82a2be1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

postgres.exe

msvcr120

kernel32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 360B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 20B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 360B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 20B