e442341a5e328d8416cb4f7a3935a4cad0c214f322f099ded68fee145a9f50df

General

Target

e442341a5e328d8416cb4f7a3935a4cad0c214f322f099ded68fee145a9f50df
Size

10KB
MD5

d79618b167859d208d76b531c3712b8b
SHA1

ac046e4b2b304b96a0a038b2ae4269c27f056d09
SHA256

e442341a5e328d8416cb4f7a3935a4cad0c214f322f099ded68fee145a9f50df
SHA512

c3da3e461c5a91186b8ec4c208ab7fbf7720fc2bb244d5be4dba2d0c9e93d1999a870360990651c057d98c13317e42af2102b705fa61c10f23d109d5f22bb75c
SSDEEP

192:T2TagLpPsH+cxppRp59ZwewUus9663XXTVBaP:S2gBVcxhvlg2HTVsP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e442341a5e328d8416cb4f7a3935a4cad0c214f322f099ded68fee145a9f50df

Files

e442341a5e328d8416cb4f7a3935a4cad0c214f322f099ded68fee145a9f50df
.dll windows:6 windows x64 arch:x64

7f96b453e56a8c69ff2cb13d1472c3e1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Dev\work\NetVision\Dev\Install\Scripts\InnoSetup_MULTI\ProgramDir\PgBuild\postgresql\Release\moddatetime\moddatetime.pdb

Imports

postgres.exe

timestamp_in
timestamptz_in
SPI_getrelname
SPI_gettypeid
SPI_fnumber
DirectFunctionCall3Coll
heap_modify_tuple_by_cols
pfree
elog_finish
elog_start
errmsg
errcode
errfinish
errstart

msvcr120

__clean_type_info_names_internal
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
__CppXcptFilter
_amsg_exit
free
_malloc_crt
_initterm
_initterm_e
__C_specific_handler

kernel32

DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
DecodePointer
EncodePointer

Exports

Exports

Pg_magic_func
moddatetime
pg_finfo_moddatetime

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7f96b453e56a8c69ff2cb13d1472c3e1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

postgres.exe

msvcr120

kernel32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 88B

.pdata Size: 512B - Virtual size: 204B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 16B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 88B

.pdata
Size: 512B - Virtual size: 204B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 16B