c3f7f42d268f993956ee62b0fa003d2f9ee87ab60bf14099ebe8393cb42db37c

Sharing

Copy URL Twitter E-mail

General

Target

c3f7f42d268f993956ee62b0fa003d2f9ee87ab60bf14099ebe8393cb42db37c
Size

18KB
MD5

9b153dead91d13403dcf697d6ad9f2a6
SHA1

3b5e34a27bda9e8fc2daa2c8da01ae2df55735e6
SHA256

c3f7f42d268f993956ee62b0fa003d2f9ee87ab60bf14099ebe8393cb42db37c
SHA512

6c6113facb3c8763f5c6cd6073a7460fb6d4d193f8f6e8364852f9b30a66eab6b010868c8af6a6297f701d207e20b336fef084a9ad6eca5423c23b90645a3f0d
SSDEEP

384:5vTDVm+DtwyUtl9ybzLPmX76ycqbXTs8bp:57DVm+i3tTyPieobXT9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c3f7f42d268f993956ee62b0fa003d2f9ee87ab60bf14099ebe8393cb42db37c

Files

c3f7f42d268f993956ee62b0fa003d2f9ee87ab60bf14099ebe8393cb42db37c
.dll windows:6 windows x64 arch:x64

9b00fa36871827722447de5525c3de41

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Dev\work\NetVision\Dev\Install\Scripts\InnoSetup_MULTI\ProgramDir\PgBuild\postgresql\Release\adminpack\adminpack.pdb

Imports

postgres.exe

Log_filename
Log_directory
work_mem
DataDir
CurrentMemoryContext
DecodeDateTime
ParseDateTime
text_to_cstring
superuser
GetUserId
BuildTupleFromCStrings
TupleDescGetAttInMetadata
tuplestore_puttuple
tuplestore_begin_heap
FreeDir
ReadDir
AllocateDir
FreeFile
AllocateFile
is_member_of_role
pg_detoast_datum_packed
TupleDescInitEntry
CreateTemplateTupleDesc
psprintf
errmsg
errcode_for_file_access
errcode
errfinish
errstart
path_is_prefix_of_path
path_is_relative_and_below_cwd
path_contains_parent_reference
canonicalize_path
pgwin32_safestat

msvcr120

rename
_unlink
__clean_type_info_names_internal
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
__crtCapturePreviousContext
__crtCaptureCurrentContext
__crtTerminateProcess
__crtUnhandledException
__crt_debugger_hook
__C_specific_handler
_initterm_e
_initterm
_malloc_crt
free
_amsg_exit
__CppXcptFilter
strcmp
isalpha
strncmp
_errno
fwrite
_access

kernel32

GetCurrentProcessId
DecodePointer
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
EncodePointer
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent

Exports

Exports

Pg_magic_func
pg_file_rename
pg_file_rename_v1_1
pg_file_unlink
pg_file_unlink_v1_1
pg_file_write
pg_file_write_v1_1
pg_finfo_pg_file_rename
pg_finfo_pg_file_rename_v1_1
pg_finfo_pg_file_unlink
pg_finfo_pg_file_unlink_v1_1
pg_finfo_pg_file_write
pg_finfo_pg_file_write_v1_1
pg_finfo_pg_logdir_ls
pg_finfo_pg_logdir_ls_v1_1
pg_logdir_ls
pg_logdir_ls_v1_1

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b00fa36871827722447de5525c3de41

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

postgres.exe

msvcr120

kernel32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 528B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 20B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 528B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 20B