40098995d090e54e66fad941938537f17576513527f65b06c2cb60a5ac04694a

Sharing

Copy URL Twitter E-mail

General

Target

40098995d090e54e66fad941938537f17576513527f65b06c2cb60a5ac04694a
Size

39KB
MD5

fdb4eebf4a5c4bb307dc2ae18fd3b1fe
SHA1

893795dfdfd9a76bf33ad308983d22bbbb7296ac
SHA256

40098995d090e54e66fad941938537f17576513527f65b06c2cb60a5ac04694a
SHA512

9e6bf16b67085d1b5e650111e4f71b1045a52e78cfc1d71ab178e51c4ed88eccf39d3f439e622406a326931d7bc2c56b24a6dd10d191b722db573f35ca298a2c
SSDEEP

768:shM1N9BzGgqQAX+QGUtHe3N//HOue26TniK:shONiFOQRV5E6Tnx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40098995d090e54e66fad941938537f17576513527f65b06c2cb60a5ac04694a

Files

40098995d090e54e66fad941938537f17576513527f65b06c2cb60a5ac04694a
.dll windows:6 windows x64 arch:x64

032a821ce110f80e74842a4fb8e47981

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Dev\work\NetVision\Dev\Install\Scripts\InnoSetup_MULTI\ProgramDir\PgBuild\postgresql\Release\pageinspect\pageinspect.pdb

Imports

postgres.exe

cstring_to_text
getTypeOutputInfo
superuser
CurrentMemoryContext
work_mem
pg_sprintf
palloc0
PageGetFreeSpace
pg_detoast_datum_packed
ReadBuffer
UnlockReleaseBuffer
RelationGetNumberOfBlocksInFork
LockBuffer
relation_openrv
relation_close
makeRangeVarFromNameList
TupleDescGetAttInMetadata
BuildTupleFromCStrings
textToQualifiedNameList
BufferBlocks
LocalBufferBlockPointers
end_MultiFuncCall
cstring_to_text_with_len
DirectFunctionCall1Coll
ginPostingListDecode
construct_array
to_hex32
_hash_ovflblkno_to_bitno
_hash_getbuf
_hash_relbuf
_hash_get_indextuple_hashkey
relation_open
pg_detoast_datum_copy
initArrayResult
accumArrayResult
makeArrayResult
text_to_cstring
pg_snprintf
errhint
forkname_to_number
ReadBufferExtended
ReleaseBuffer
pg_checksum_page
per_MultiFuncCall
init_MultiFuncCall
HeapTupleHeaderGetDatum
BlessTupleDesc
get_call_result_type
brin_deform_tuple
brin_free_desc
brin_build_desc
index_close
index_open
tuplestore_putvalues
tuplestore_begin_heap
appendStringInfoChar
appendStringInfoString
initStringInfo
OutputFunctionCall
pg_detoast_datum
fmgr_info
psprintf
heap_form_tuple
pfree
palloc
elog_finish
elog_start
errdetail
errmsg
errcode
errfinish
appendStringInfo
errstart

msvcr120

__clean_type_info_names_internal
__dllonexit
_calloc_crt
_unlock
_lock
__crtCapturePreviousContext
__crtCaptureCurrentContext
__crtTerminateProcess
__crtUnhandledException
__crt_debugger_hook
__C_specific_handler
_initterm_e
_initterm
_malloc_crt
free
_amsg_exit
__CppXcptFilter
memcpy
_onexit

kernel32

GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
DisableThreadLibraryCalls

Exports

Exports

Pg_magic_func
brin_metapage_info
brin_page_items
brin_page_type
brin_revmap_data
bt_metap
bt_page_items
bt_page_items_bytea
bt_page_stats
fsm_page_contents
get_page_from_raw
get_raw_page
get_raw_page_fork
gin_leafpage_items
gin_metapage_info
gin_page_opaque_info
hash_bitmap_info
hash_metapage_info
hash_page_items
hash_page_stats
hash_page_type
heap_page_items
page_checksum
page_header
pg_finfo_brin_metapage_info
pg_finfo_brin_page_items
pg_finfo_brin_page_type
pg_finfo_brin_revmap_data
pg_finfo_bt_metap
pg_finfo_bt_page_items
pg_finfo_bt_page_items_bytea
pg_finfo_bt_page_stats
pg_finfo_fsm_page_contents
pg_finfo_get_raw_page
pg_finfo_get_raw_page_fork
pg_finfo_gin_leafpage_items
pg_finfo_gin_metapage_info
pg_finfo_gin_page_opaque_info
pg_finfo_hash_bitmap_info
pg_finfo_hash_metapage_info
pg_finfo_hash_page_items
pg_finfo_hash_page_stats
pg_finfo_hash_page_type
pg_finfo_heap_page_items
pg_finfo_page_checksum
pg_finfo_page_header
pg_finfo_tuple_data_split
tuple_data_split

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

032a821ce110f80e74842a4fb8e47981

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

postgres.exe

msvcr120

kernel32

Exports

Exports

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 28B

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 28B