72596dc2b87fa5cfb37e2ddb6d97eb7c974426741a96ebe3f7a97d83228656aa

Sharing

Copy URL Twitter E-mail

General

Target

72596dc2b87fa5cfb37e2ddb6d97eb7c974426741a96ebe3f7a97d83228656aa
Size

46KB
MD5

b2113341132e45e9fc0bea142e01daa6
SHA1

e9be1a973663aa4ba558b36a5a069a18c46867c0
SHA256

72596dc2b87fa5cfb37e2ddb6d97eb7c974426741a96ebe3f7a97d83228656aa
SHA512

50b5f65c489449394bf5e3cabb7ed0f50324b0519537fd4a93350a96d59d51570d7009de48aacb429445ff960393ea31ed78e14bb7a7daec4d3432973a112171
SSDEEP

768:Q+wEgkvHhSpL1G7L76HOTkylOs1amP5FS8AdqBP2Igq4Js3T0xrsDY:Q+wbkvHhSpL1ZHkkiOQaQlBdgzA0xrsU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
72596dc2b87fa5cfb37e2ddb6d97eb7c974426741a96ebe3f7a97d83228656aa

Files

72596dc2b87fa5cfb37e2ddb6d97eb7c974426741a96ebe3f7a97d83228656aa
.dll windows:6 windows x64 arch:x64

d30a850dc4774726ce884f92a8848ed3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Dev\work\NetVision\Dev\Install\Scripts\InnoSetup_MULTI\ProgramDir\PgBuild\postgresql\Release\cube\cube.pdb

Imports

postgres.exe

float8in_internal
pstrdup
errmsg_internal
float8out_internal
ArrayGetNItems
array_contains_nulls
DirectFunctionCall2Coll
pg_detoast_datum
appendStringInfoChar
appendStringInfoString
initStringInfo
pfree
repalloc
palloc0
palloc
elog_finish
elog_start
errdetail
errmsg
errcode
errfinish
errstart

msvcr120

__clean_type_info_names_internal
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
__crtCapturePreviousContext
__crtCaptureCurrentContext
__crtTerminateProcess
__crtUnhandledException
__crt_debugger_hook
__C_specific_handler
sqrt
__iob_func
clearerr
ferror
fread
getc
_errno
exit
free
malloc
realloc
strchr
memcpy
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm
_initterm_e

kernel32

DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer

Exports

Exports

Pg_magic_func
cube_a_f8
cube_a_f8_f8
cube_c_f8
cube_c_f8_f8
cube_cmp
cube_cmp_v0
cube_contained
cube_contains
cube_contains_v0
cube_coord
cube_coord_llur
cube_dim
cube_distance
cube_enlarge
cube_eq
cube_f8
cube_f8_f8
cube_ge
cube_gt
cube_in
cube_inter
cube_is_point
cube_le
cube_ll_coord
cube_lt
cube_ne
cube_out
cube_overlap
cube_overlap_v0
cube_scanner_finish
cube_scanner_init
cube_size
cube_subset
cube_union
cube_union_v0
cube_ur_coord
cube_yy_create_buffer
cube_yy_delete_buffer
cube_yy_flex_debug
cube_yy_flush_buffer
cube_yy_scan_buffer
cube_yy_scan_bytes
cube_yy_scan_string
cube_yy_switch_to_buffer
cube_yyalloc
cube_yyerror
cube_yyfree
cube_yyget_debug
cube_yyget_in
cube_yyget_leng
cube_yyget_lineno
cube_yyget_out
cube_yyget_text
cube_yyin
cube_yylex
cube_yylex_destroy
cube_yylineno
cube_yyout
cube_yyparse
cube_yypop_buffer_state
cube_yypush_buffer_state
cube_yyrealloc
cube_yyrestart
cube_yyset_debug
cube_yyset_in
cube_yyset_lineno
cube_yyset_out
distance_chebyshev
distance_taxicab
g_cube_binary_union
g_cube_compress
g_cube_consistent
g_cube_decompress
g_cube_distance
g_cube_internal_consistent
g_cube_leaf_consistent
g_cube_penalty
g_cube_picksplit
g_cube_same
g_cube_union
pg_finfo_cube_a_f8
pg_finfo_cube_a_f8_f8
pg_finfo_cube_c_f8
pg_finfo_cube_c_f8_f8
pg_finfo_cube_cmp
pg_finfo_cube_contained
pg_finfo_cube_contains
pg_finfo_cube_coord
pg_finfo_cube_coord_llur
pg_finfo_cube_dim
pg_finfo_cube_distance
pg_finfo_cube_enlarge
pg_finfo_cube_eq
pg_finfo_cube_f8
pg_finfo_cube_f8_f8
pg_finfo_cube_ge
pg_finfo_cube_gt
pg_finfo_cube_in
pg_finfo_cube_inter
pg_finfo_cube_is_point
pg_finfo_cube_le
pg_finfo_cube_ll_coord
pg_finfo_cube_lt
pg_finfo_cube_ne
pg_finfo_cube_out
pg_finfo_cube_overlap
pg_finfo_cube_size
pg_finfo_cube_subset
pg_finfo_cube_union
pg_finfo_cube_ur_coord
pg_finfo_distance_chebyshev
pg_finfo_distance_taxicab
pg_finfo_g_cube_compress
pg_finfo_g_cube_consistent
pg_finfo_g_cube_decompress
pg_finfo_g_cube_distance
pg_finfo_g_cube_penalty
pg_finfo_g_cube_picksplit
pg_finfo_g_cube_same
pg_finfo_g_cube_union
rt_cube_size

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d30a850dc4774726ce884f92a8848ed3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

postgres.exe

msvcr120

kernel32

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 29KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 20B

.text
Size: 29KB - Virtual size: 29KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 20B