9b8bac4395c9f9f9f298f248813711e5e80ba6642011f09fae687fd28e4c7f9b

Sharing

Copy URL Twitter E-mail

General

Target

9b8bac4395c9f9f9f298f248813711e5e80ba6642011f09fae687fd28e4c7f9b
Size

15KB
MD5

e0a178c5957415f1e91d51cd23f0b12c
SHA1

e257b5eae9fcef4c40cbd0f7752b3a5271011ab3
SHA256

9b8bac4395c9f9f9f298f248813711e5e80ba6642011f09fae687fd28e4c7f9b
SHA512

624fd284edfb61821c04f51da6b61950a4961b4597460df14f9333307f5641aad2c094f1b046012099556f2b909d4d8821cd174492f0ac4d7f3845a28dea7ce3
SSDEEP

192:rAjp8aOADbpgom/PvgAqgOXalpmVGF3c62PhlKBf49xuM3XcEsR3qzX:tWPmH1q3XRVQcx5C6xTsjqz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9b8bac4395c9f9f9f298f248813711e5e80ba6642011f09fae687fd28e4c7f9b

Files

9b8bac4395c9f9f9f298f248813711e5e80ba6642011f09fae687fd28e4c7f9b
.dll windows:6 windows x64 arch:x64

c99d54631b920f301830ac889b4be816

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Dev\work\NetVision\Dev\Install\Scripts\InnoSetup_MULTI\ProgramDir\PgBuild\postgresql\Release\auto_explain\auto_explain.pdb

Imports

postgres.exe

ExecutorFinish_hook
ExecutorRun_hook
ExecutorStart_hook
ParallelWorkerNumber
CurrentMemoryContext
standard_ExecutorFinish
PG_exception_stack
error_context_stack
EmitWarningsOnPlaceholders
DefineCustomEnumVariable
DefineCustomRealVariable
DefineCustomIntVariable
DefineCustomBoolVariable
ExplainEndOutput
ExplainBeginOutput
ExplainQueryText
ExplainPrintJITSummary
ExplainPrintTriggers
ExplainPrintPlan
NewExplainState
standard_ExecutorEnd
standard_ExecutorRun
standard_ExecutorStart
InstrEndLoop
InstrAlloc
pg_re_throw
errhidestmt
errmsg
errfinish
errstart
ExecutorEnd_hook
random

msvcr120

free
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
__crtCapturePreviousContext
__crtCaptureCurrentContext
__crtTerminateProcess
__crtUnhandledException
__crt_debugger_hook
__C_specific_handler
_initterm_e
_initterm
_malloc_crt
_amsg_exit
__CppXcptFilter
_setjmp
__clean_type_info_names_internal

kernel32

GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
DisableThreadLibraryCalls

Exports

Exports

Pg_magic_func
_PG_fini
_PG_init

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c99d54631b920f301830ac889b4be816

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

postgres.exe

msvcr120

kernel32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 396B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 48B

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 396B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 48B