87726a2a4f81e0179d2763bc4916cd352b5d822ef9c5b52a6a31883186bf18fc

Sharing

Copy URL

Twitter E-mail

General

Target

87726a2a4f81e0179d2763bc4916cd352b5d822ef9c5b52a6a31883186bf18fc
Size

27KB
MD5

4a48c8c2e3f2361f245f426c0927c1f4
SHA1

8ebb8dd49b8489ce19dae0d136dd761306d244b0
SHA256

87726a2a4f81e0179d2763bc4916cd352b5d822ef9c5b52a6a31883186bf18fc
SHA512

29e6d4711cdfa190a475816a145f5949abb3caa654c5aa33e2c258bcf3dec9f625ccf9a192d9ec0cc0703172c573ea6694cffc9ab66b1b89416f3452af9cd884
SSDEEP

384:rqXyfzZ/ETkrfxJfOqUC7f7WS+bX9D8G+Gu4bQJLM9A5s4spjGRK:rTfzZETkr/GV7S+bX9luM8LMuh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
87726a2a4f81e0179d2763bc4916cd352b5d822ef9c5b52a6a31883186bf18fc

Files

87726a2a4f81e0179d2763bc4916cd352b5d822ef9c5b52a6a31883186bf18fc
.dll windows:6 windows x64 arch:x64

edddeeb7ee94ed58862d747267a7a3ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Dev\work\NetVision\Dev\Install\Scripts\InnoSetup_MULTI\ProgramDir\PgBuild\postgresql\Release\pgstattuple\pgstattuple.pdb

Imports

postgres.exe

BufferBlocks
LocalBufferBlockPointers
pstrdup
psprintf
pg_detoast_datum_packed
index_open
index_close
PageGetFreeSpace
PageGetExactFreeSpace
ReadBuffer
BufferGetBlockNumber
_hash_getbuf
_hash_relbuf
relation_openrv
InterruptPending
BlessTupleDesc
TupleDescGetAttInMetadata
BuildTupleFromCStrings
textToQualifiedNameList
pg_snprintf
gistcheckpage
_hash_getbuf_with_strategy
heap_getnext
HeapTupleSatisfiesVisibility
_bt_relbuf
LockRelationForExtension
UnlockRelationForExtension
SnapshotAnyData
pg_signal_mask
pg_signal_queue
GetOldestXmin
GetRecordedFreeSpace
GetAccessStrategy
LockBuffer
RelationGetNumberOfBlocksInFork
UnlockReleaseBuffer
ReleaseBuffer
ReadBufferExtended
superuser
ProcessInterrupts
HeapTupleHeaderGetDatum
get_call_result_type
vac_estimate_reltuples
visibilitymap_get_status
HeapTupleSatisfiesVacuum
PageGetHeapFreeSpace
heap_form_tuple
relation_close
relation_open
elog_finish
elog_start
errmsg
errcode
errfinish
errstart
makeRangeVarFromNameList
pgwin32_dispatch_queued_signals

msvcr120

_onexit
__dllonexit
_calloc_crt
_unlock
_lock
__crtCapturePreviousContext
__crtCaptureCurrentContext
__crtTerminateProcess
__crtUnhandledException
__crt_debugger_hook
__C_specific_handler
_initterm_e
_initterm
_malloc_crt
free
_amsg_exit
__CppXcptFilter
__clean_type_info_names_internal

kernel32

GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
DisableThreadLibraryCalls

Exports

Exports

Pg_magic_func
pg_finfo_pg_relpages
pg_finfo_pg_relpages_v1_5
pg_finfo_pg_relpagesbyid
pg_finfo_pg_relpagesbyid_v1_5
pg_finfo_pgstatginindex
pg_finfo_pgstatginindex_v1_5
pg_finfo_pgstathashindex
pg_finfo_pgstatindex
pg_finfo_pgstatindex_v1_5
pg_finfo_pgstatindexbyid
pg_finfo_pgstatindexbyid_v1_5
pg_finfo_pgstattuple
pg_finfo_pgstattuple_approx
pg_finfo_pgstattuple_approx_v1_5
pg_finfo_pgstattuple_v1_5
pg_finfo_pgstattuplebyid
pg_finfo_pgstattuplebyid_v1_5
pg_relpages
pg_relpages_v1_5
pg_relpagesbyid
pg_relpagesbyid_v1_5
pgstatginindex
pgstatginindex_internal
pgstatginindex_v1_5
pgstathashindex
pgstatindex
pgstatindex_v1_5
pgstatindexbyid
pgstatindexbyid_v1_5
pgstattuple
pgstattuple_approx
pgstattuple_approx_internal
pgstattuple_approx_v1_5
pgstattuple_v1_5
pgstattuplebyid
pgstattuplebyid_v1_5

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

edddeeb7ee94ed58862d747267a7a3ae

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

postgres.exe

msvcr120

kernel32

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 14KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 744B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 20B

.text
Size: 15KB - Virtual size: 14KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 744B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 20B