fd7e3e0c195d73fb52e471d50ec86471b798fb9b8b6e5d2bf0ee3836b05ccf0b

Sharing

Copy URL Twitter E-mail

General

Target

fd7e3e0c195d73fb52e471d50ec86471b798fb9b8b6e5d2bf0ee3836b05ccf0b
Size

47KB
MD5

f72271939530911b1934a22d111d919e
SHA1

cb08ffcdad4ac31016dfefaf440d6258b761b3e0
SHA256

fd7e3e0c195d73fb52e471d50ec86471b798fb9b8b6e5d2bf0ee3836b05ccf0b
SHA512

576c69a8d216f3455ba39c5ad83bd92b41e7718e9358d91e67f372b16743d84b956c31f53af3f3f1ce0860af0816078f4ffce9683c9fffdd9c23844d22f0cce8
SSDEEP

768:SeUNf1ZrNCCxautfL3h0lcjPy33Mkmfry9hIykA5v+MHYcwKWkN2jDXganDYVJ9/:ItbCCxautfFSgi3MVTyrIxEnHUkkgasF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd7e3e0c195d73fb52e471d50ec86471b798fb9b8b6e5d2bf0ee3836b05ccf0b

Files

fd7e3e0c195d73fb52e471d50ec86471b798fb9b8b6e5d2bf0ee3836b05ccf0b
.dll windows:6 windows x64 arch:x64

99b081b9e30e079f8a171d3238e22374

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Dev\work\NetVision\Dev\Install\Scripts\InnoSetup_MULTI\ProgramDir\PgBuild\postgresql\Release\pg_trgm\pg_trgm.pdb

Imports

postgres.exe

list_delete_cell
pg_mb2wchar_with_len
pg_wchar2mb_with_len
pg_regcomp
pg_regfree
pg_regerror
pg_reg_getinitialstate
pg_reg_getfinalstate
pg_reg_getnumoutarcs
pg_reg_getoutarcs
pg_reg_getnumcolors
pg_reg_colorisbegin
list_delete_first
pg_reg_getnumcharacters
pg_reg_getcharacters
lowerstr
hash_create
hash_search
hash_get_num_entries
hash_seq_init
hash_seq_search
MemoryContextDelete
AllocSetContextCreateInternal
error_context_stack
PG_exception_stack
list_concat
lcons
lappend
MemoryContextAllocZero
pg_re_throw
pg_crc32_table
getTypeOutputInfo
lowerstr_with_len
t_isalpha
t_isdigit
pg_database_encoding_max_length
pg_mblen
DefineCustomRealVariable
SetConfigOption
construct_array
OidOutputFunctionCall
DirectFunctionCall2Coll
palloc0
errmsg
errcode
errfinish
errstart
pg_snprintf
pg_popcount
pg_number_of_ones
pg_detoast_datum
MemoryContextAlloc
pg_qsort
CurrentMemoryContext
pg_detoast_datum_packed
pfree
palloc
elog_finish
pg_reg_colorisend
elog_start

msvcr120

__clean_type_info_names_internal
__dllonexit
_calloc_crt
_unlock
_lock
__crtCapturePreviousContext
__crtCaptureCurrentContext
__crtTerminateProcess
__crtUnhandledException
__crt_debugger_hook
__C_specific_handler
_initterm_e
_initterm
_malloc_crt
free
_amsg_exit
__CppXcptFilter
_setjmp
bsearch
memset
isalnum
memcpy
memcmp
_onexit

kernel32

GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
DisableThreadLibraryCalls

Exports

Exports

Pg_magic_func
_PG_init
cnt_sml
compact_trigram
createTrgmNFA
generate_trgm
generate_wildcard_trgm
gin_extract_query_trgm
gin_extract_trgm
gin_extract_value_trgm
gin_trgm_consistent
gin_trgm_triconsistent
gtrgm_compress
gtrgm_consistent
gtrgm_decompress
gtrgm_distance
gtrgm_in
gtrgm_out
gtrgm_penalty
gtrgm_picksplit
gtrgm_same
gtrgm_union
index_strategy_get_limit
pg_finfo_gin_extract_query_trgm
pg_finfo_gin_extract_trgm
pg_finfo_gin_extract_value_trgm
pg_finfo_gin_trgm_consistent
pg_finfo_gin_trgm_triconsistent
pg_finfo_gtrgm_compress
pg_finfo_gtrgm_consistent
pg_finfo_gtrgm_decompress
pg_finfo_gtrgm_distance
pg_finfo_gtrgm_in
pg_finfo_gtrgm_out
pg_finfo_gtrgm_penalty
pg_finfo_gtrgm_picksplit
pg_finfo_gtrgm_same
pg_finfo_gtrgm_union
pg_finfo_set_limit
pg_finfo_show_limit
pg_finfo_show_trgm
pg_finfo_similarity
pg_finfo_similarity_dist
pg_finfo_similarity_op
pg_finfo_strict_word_similarity
pg_finfo_strict_word_similarity_commutator_op
pg_finfo_strict_word_similarity_dist_commutator_op
pg_finfo_strict_word_similarity_dist_op
pg_finfo_strict_word_similarity_op
pg_finfo_word_similarity
pg_finfo_word_similarity_commutator_op
pg_finfo_word_similarity_dist_commutator_op
pg_finfo_word_similarity_dist_op
pg_finfo_word_similarity_op
set_limit
show_limit
show_trgm
similarity
similarity_dist
similarity_op
similarity_threshold
strict_word_similarity
strict_word_similarity_commutator_op
strict_word_similarity_dist_commutator_op
strict_word_similarity_dist_op
strict_word_similarity_op
strict_word_similarity_threshold
trgm2int
trgm_contained_by
trgm_presence_map
trigramsMatchGraph
word_similarity
word_similarity_commutator_op
word_similarity_dist_commutator_op
word_similarity_dist_op
word_similarity_op
word_similarity_threshold

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

99b081b9e30e079f8a171d3238e22374

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

postgres.exe

msvcr120

kernel32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 20B

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 20B