057388b49a5b0f5966b57f8102b2c0097cf718b96381f92b42421ac16c105181

General

Target

057388b49a5b0f5966b57f8102b2c0097cf718b96381f92b42421ac16c105181
Size

10KB
MD5

c9d3bccc3580e043d528c70b15746d98
SHA1

996258fba836dbbe86dc7b8f07cb96700000c500
SHA256

057388b49a5b0f5966b57f8102b2c0097cf718b96381f92b42421ac16c105181
SHA512

c64d2c54c5e18a7a8ccdcc3cb2ef54ce01cc2937cc788f13fdb5a77706eb15b08ba5083acdfbcd00c8a4f58095cda9af7195ff125039cf14411dbab8077a6ac0
SSDEEP

96:XDzabKUn9GtP7x0/V7YsGm2W2Q4r7B1W86EoG2LB8i0iw7Pb8D4mw/3XBg+EKMpL:TzgsP7atM+2pxxloGsN0B8EZ/3XXEFP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
057388b49a5b0f5966b57f8102b2c0097cf718b96381f92b42421ac16c105181

Files

057388b49a5b0f5966b57f8102b2c0097cf718b96381f92b42421ac16c105181
.dll windows:6 windows x64 arch:x64

19bc5be346d184e64031fc5a464209cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Dev\work\NetVision\Dev\Install\Scripts\InnoSetup_MULTI\ProgramDir\PgBuild\postgresql\Release\insert_username\insert_username.pdb

Imports

postgres.exe

cstring_to_text
GetUserId
GetUserNameFromId
SPI_getrelname
SPI_gettypeid
SPI_fnumber
heap_modify_tuple_by_cols
pfree
elog_finish
elog_start
errmsg
errcode
errfinish
errstart

msvcr120

__clean_type_info_names_internal
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
__CppXcptFilter
_amsg_exit
free
_malloc_crt
_initterm
_initterm_e
__C_specific_handler

kernel32

DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
DecodePointer
EncodePointer

Exports

Exports

Pg_magic_func
insert_username
pg_finfo_insert_username

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

19bc5be346d184e64031fc5a464209cd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

postgres.exe

msvcr120

kernel32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 88B

.pdata Size: 512B - Virtual size: 204B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 16B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 88B

.pdata
Size: 512B - Virtual size: 204B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 16B