ea47d40ee96cb79d68f02aa62896f55cf8f6e57b5c164780fb546cf50660c0c6

Sharing

Copy URL Twitter E-mail

General

Target

ea47d40ee96cb79d68f02aa62896f55cf8f6e57b5c164780fb546cf50660c0c6
Size

16KB
MD5

6d22c7479c6d3e4f71b98cda39fe2b46
SHA1

9a10d830f8fb12c026daad60a96ba5f32f9a65c8
SHA256

ea47d40ee96cb79d68f02aa62896f55cf8f6e57b5c164780fb546cf50660c0c6
SHA512

64c588d4fe3a97fdd4c13d28da03eb1bf4440d253eb70a488ce14cf3b8cfe6933fdeeba98f598338101574e97dd98878e7cfd70e15e7cde478b0ef40e3e851dc
SSDEEP

384:/cFdt0STrAsmJMqo9iaJT7nS4coKA49lHjM:/cf6+AsmJMq67otAo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea47d40ee96cb79d68f02aa62896f55cf8f6e57b5c164780fb546cf50660c0c6

Files

ea47d40ee96cb79d68f02aa62896f55cf8f6e57b5c164780fb546cf50660c0c6
.dll windows:6 windows x64 arch:x64

8ff45e3ce15d9f70a662721d7d6dbefa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Dev\work\NetVision\Dev\Install\Scripts\InnoSetup_MULTI\ProgramDir\PgBuild\postgresql\Release\euc_jp_and_sjis\euc_jp_and_sjis.pdb

Imports

postgres.exe

report_untranslatable_char
report_invalid_encoding
check_encoding_conversion_args
pg_encoding_verifymb

msvcr120

_malloc_crt
_initterm
_initterm_e
free
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
__clean_type_info_names_internal
_amsg_exit
__CppXcptFilter
__C_specific_handler

kernel32

DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
DecodePointer
EncodePointer
QueryPerformanceCounter

Exports

Exports

Pg_magic_func
euc_jp_to_mic
euc_jp_to_sjis
mic_to_euc_jp
mic_to_sjis
pg_finfo_euc_jp_to_mic
pg_finfo_euc_jp_to_sjis
pg_finfo_mic_to_euc_jp
pg_finfo_mic_to_sjis
pg_finfo_sjis_to_euc_jp
pg_finfo_sjis_to_mic
sjis_to_euc_jp
sjis_to_mic

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8ff45e3ce15d9f70a662721d7d6dbefa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

postgres.exe

msvcr120

kernel32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 88B

.pdata Size: 512B - Virtual size: 480B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 16B

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 88B

.pdata
Size: 512B - Virtual size: 480B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 16B