7b6b02a88fd73394edfa0a5b7721d64cb70a82ffe847fc26bdf4870798bfec84

Sharing

Copy URL Twitter E-mail

General

Target

7b6b02a88fd73394edfa0a5b7721d64cb70a82ffe847fc26bdf4870798bfec84
Size

54KB
MD5

02da7d464ae1c2c298622a048e999841
SHA1

78e84982ec153789555f16fd4a766b78fca047e9
SHA256

7b6b02a88fd73394edfa0a5b7721d64cb70a82ffe847fc26bdf4870798bfec84
SHA512

fe7e948c04f99808422f89b46887f37fce3b7baebf514d3950c216d9e20ac7ee6310ee9abd03f464504f794b6cc59bb533de6763cc5b58798ba463a685773584
SSDEEP

1536:QKP2u8Ygt3uLVQEuZn2KyLw+Le8h39GvT:h2u8YgtKVQEuZnlyLw+i8h39OT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7b6b02a88fd73394edfa0a5b7721d64cb70a82ffe847fc26bdf4870798bfec84

Files

7b6b02a88fd73394edfa0a5b7721d64cb70a82ffe847fc26bdf4870798bfec84
.dll windows:6 windows x64 arch:x64

4d207683a1bdf2a1db864e78df347f6e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Dev\work\NetVision\Dev\Install\Scripts\InnoSetup_MULTI\ProgramDir\PgBuild\postgresql\Release\ltree\ltree.pdb

Imports

postgres.exe

get_opcode
get_restriction_variable
mcv_selectivity
text_to_cstring
repalloc
t_isspace
DirectFunctionCall1Coll
pg_popcount
pg_detoast_datum_packed
fmgr_info
t_isalpha
t_isdigit
errdetail
pg_sprintf
pg_detoast_datum_copy
InterruptPending
pg_signal_mask
pg_signal_queue
pg_mblen
str_tolower
check_stack_depth
ProcessInterrupts
pgwin32_dispatch_queued_signals
pg_crc32_table
DirectFunctionCall2Coll
pg_number_of_ones
ArrayGetNItems
array_contains_nulls
pg_detoast_datum
pfree
palloc0
palloc
elog_finish
elog_start
errmsg
errcode
errfinish
errstart
histogram_selectivity
pg_qsort

msvcr120

strncmp
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
__crtCapturePreviousContext
__crtCaptureCurrentContext
__crtTerminateProcess
__crtUnhandledException
__crt_debugger_hook
__C_specific_handler
_initterm_e
_initterm
_malloc_crt
free
_amsg_exit
__CppXcptFilter
strchr
atoi
memcmp
memcpy
__clean_type_info_names_internal

kernel32

GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
DisableThreadLibraryCalls

Exports

Exports

Pg_magic_func
_lca
_lt_q_regex
_lt_q_rregex
_ltq_extract_regex
_ltq_regex
_ltq_rregex
_ltree_compress
_ltree_consistent
_ltree_extract_isparent
_ltree_extract_risparent
_ltree_isparent
_ltree_penalty
_ltree_picksplit
_ltree_r_isparent
_ltree_r_risparent
_ltree_risparent
_ltree_same
_ltree_union
_ltxtq_exec
_ltxtq_extract_exec
_ltxtq_rexec
compare_subnode
inner_isparent
lca
lca_inner
lquery_in
lquery_out
lt_q_regex
lt_q_rregex
ltq_regex
ltq_rregex
ltree2text
ltree_addltree
ltree_addtext
ltree_cmp
ltree_compare
ltree_compress
ltree_consistent
ltree_crc32_sz
ltree_decompress
ltree_eq
ltree_execute
ltree_ge
ltree_gist_in
ltree_gist_out
ltree_gt
ltree_in
ltree_index
ltree_isparent
ltree_le
ltree_lt
ltree_ne
ltree_out
ltree_penalty
ltree_picksplit
ltree_risparent
ltree_same
ltree_strncasecmp
ltree_textadd
ltree_union
ltreeparentsel
ltxtq_exec
ltxtq_in
ltxtq_out
ltxtq_rexec
nlevel
pg_finfo__lca
pg_finfo__lt_q_regex
pg_finfo__lt_q_rregex
pg_finfo__ltq_extract_regex
pg_finfo__ltq_regex
pg_finfo__ltq_rregex
pg_finfo__ltree_compress
pg_finfo__ltree_consistent
pg_finfo__ltree_extract_isparent
pg_finfo__ltree_extract_risparent
pg_finfo__ltree_isparent
pg_finfo__ltree_penalty
pg_finfo__ltree_picksplit
pg_finfo__ltree_r_isparent
pg_finfo__ltree_r_risparent
pg_finfo__ltree_risparent
pg_finfo__ltree_same
pg_finfo__ltree_union
pg_finfo__ltxtq_exec
pg_finfo__ltxtq_extract_exec
pg_finfo__ltxtq_rexec
pg_finfo_lca
pg_finfo_lquery_in
pg_finfo_lquery_out
pg_finfo_lt_q_regex
pg_finfo_lt_q_rregex
pg_finfo_ltq_regex
pg_finfo_ltq_rregex
pg_finfo_ltree2text
pg_finfo_ltree_addltree
pg_finfo_ltree_addtext
pg_finfo_ltree_cmp
pg_finfo_ltree_compress
pg_finfo_ltree_consistent
pg_finfo_ltree_decompress
pg_finfo_ltree_eq
pg_finfo_ltree_ge
pg_finfo_ltree_gist_in
pg_finfo_ltree_gist_out
pg_finfo_ltree_gt
pg_finfo_ltree_in
pg_finfo_ltree_index
pg_finfo_ltree_isparent
pg_finfo_ltree_le
pg_finfo_ltree_lt
pg_finfo_ltree_ne
pg_finfo_ltree_out
pg_finfo_ltree_penalty
pg_finfo_ltree_picksplit
pg_finfo_ltree_risparent
pg_finfo_ltree_same
pg_finfo_ltree_textadd
pg_finfo_ltree_union
pg_finfo_ltreeparentsel
pg_finfo_ltxtq_exec
pg_finfo_ltxtq_in
pg_finfo_ltxtq_out
pg_finfo_ltxtq_rexec
pg_finfo_nlevel
pg_finfo_subltree
pg_finfo_subpath
pg_finfo_text2ltree
subltree
subpath
text2ltree

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4d207683a1bdf2a1db864e78df347f6e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

postgres.exe

msvcr120

kernel32

Exports

Exports

Sections

.text Size: 37KB - Virtual size: 37KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 20B

.text
Size: 37KB - Virtual size: 37KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 20B