b72177d35fbefe4bf18d3ed231bda9feff64bfe3e0fff95937ef238d524e400c

Sharing

Copy URL

Twitter E-mail

General

Target

b72177d35fbefe4bf18d3ed231bda9feff64bfe3e0fff95937ef238d524e400c
Size

23KB
MD5

fc7460f4e60cfbe3218d4e4947176f2c
SHA1

bb62a7c3fe491d29820c0eba02a8b02835185dfe
SHA256

b72177d35fbefe4bf18d3ed231bda9feff64bfe3e0fff95937ef238d524e400c
SHA512

947be5dc668e7450918ce33babdd0531974966b99115136f62f9bca569b86e6004f38db63883cba214fb902936c84da6c5c74aa5affd1ea36472c577b9bed772
SSDEEP

384:jRnPgNZ9c/ZPyhNvWN2qIZRyZv1WqojX4Mh7/dbj77I2vf9H2SKmy:NQXj5X77bWW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b72177d35fbefe4bf18d3ed231bda9feff64bfe3e0fff95937ef238d524e400c

Files

b72177d35fbefe4bf18d3ed231bda9feff64bfe3e0fff95937ef238d524e400c
.dll windows:6 windows x64 arch:x64

b2916ca9f8fe83b7f676bd917c63f477

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Dev\work\NetVision\Dev\Install\Scripts\InnoSetup_MULTI\ProgramDir\PgBuild\postgresql\Release\btree_gin\btree_gin.pdb

Imports

postgres.exe

bpcharcmp
date_cmp
time_cmp
timestamp_cmp
interval_cmp
timetz_cmp
bit_in
varbit_in
network_cmp
btboolcmp
numeric_cmp
byteacmp
uuid_cmp
enum_cmp
macaddr8_cmp
cstring_to_text_with_len
inet_in
btint8cmp
macaddr_cmp
cash_cmp
bttextcmp
btnamecmp
btcharcmp
btoidcmp
btfloat8cmp
btfloat4cmp
btint4cmp
btint2cmp
DirectFunctionCall3Coll
CallerFInfoFunctionCall2
DirectFunctionCall2Coll
DirectFunctionCall1Coll
pg_detoast_datum
palloc0
palloc
elog_finish
bitcmp
elog_start

msvcr120

_onexit
__dllonexit
_calloc_crt
_unlock
_lock
__C_specific_handler
_initterm_e
_initterm
_malloc_crt
free
_amsg_exit
__CppXcptFilter
__clean_type_info_names_internal

kernel32

GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
DecodePointer
EncodePointer
DisableThreadLibraryCalls

Exports

Exports

Pg_magic_func
gin_btree_consistent
gin_compare_prefix_anyenum
gin_compare_prefix_bit
gin_compare_prefix_bool
gin_compare_prefix_bpchar
gin_compare_prefix_bytea
gin_compare_prefix_char
gin_compare_prefix_cidr
gin_compare_prefix_date
gin_compare_prefix_float4
gin_compare_prefix_float8
gin_compare_prefix_inet
gin_compare_prefix_int2
gin_compare_prefix_int4
gin_compare_prefix_int8
gin_compare_prefix_interval
gin_compare_prefix_macaddr
gin_compare_prefix_macaddr8
gin_compare_prefix_money
gin_compare_prefix_name
gin_compare_prefix_numeric
gin_compare_prefix_oid
gin_compare_prefix_text
gin_compare_prefix_time
gin_compare_prefix_timestamp
gin_compare_prefix_timestamptz
gin_compare_prefix_timetz
gin_compare_prefix_uuid
gin_compare_prefix_varbit
gin_enum_cmp
gin_extract_query_anyenum
gin_extract_query_bit
gin_extract_query_bool
gin_extract_query_bpchar
gin_extract_query_bytea
gin_extract_query_char
gin_extract_query_cidr
gin_extract_query_date
gin_extract_query_float4
gin_extract_query_float8
gin_extract_query_inet
gin_extract_query_int2
gin_extract_query_int4
gin_extract_query_int8
gin_extract_query_interval
gin_extract_query_macaddr
gin_extract_query_macaddr8
gin_extract_query_money
gin_extract_query_name
gin_extract_query_numeric
gin_extract_query_oid
gin_extract_query_text
gin_extract_query_time
gin_extract_query_timestamp
gin_extract_query_timestamptz
gin_extract_query_timetz
gin_extract_query_uuid
gin_extract_query_varbit
gin_extract_value_anyenum
gin_extract_value_bit
gin_extract_value_bool
gin_extract_value_bpchar
gin_extract_value_bytea
gin_extract_value_char
gin_extract_value_cidr
gin_extract_value_date
gin_extract_value_float4
gin_extract_value_float8
gin_extract_value_inet
gin_extract_value_int2
gin_extract_value_int4
gin_extract_value_int8
gin_extract_value_interval
gin_extract_value_macaddr
gin_extract_value_macaddr8
gin_extract_value_money
gin_extract_value_name
gin_extract_value_numeric
gin_extract_value_oid
gin_extract_value_text
gin_extract_value_time
gin_extract_value_timestamp
gin_extract_value_timestamptz
gin_extract_value_timetz
gin_extract_value_uuid
gin_extract_value_varbit
gin_numeric_cmp
pg_finfo_gin_btree_consistent
pg_finfo_gin_compare_prefix_anyenum
pg_finfo_gin_compare_prefix_bit
pg_finfo_gin_compare_prefix_bool
pg_finfo_gin_compare_prefix_bpchar
pg_finfo_gin_compare_prefix_bytea
pg_finfo_gin_compare_prefix_char
pg_finfo_gin_compare_prefix_cidr
pg_finfo_gin_compare_prefix_date
pg_finfo_gin_compare_prefix_float4
pg_finfo_gin_compare_prefix_float8
pg_finfo_gin_compare_prefix_inet
pg_finfo_gin_compare_prefix_int2
pg_finfo_gin_compare_prefix_int4
pg_finfo_gin_compare_prefix_int8
pg_finfo_gin_compare_prefix_interval
pg_finfo_gin_compare_prefix_macaddr
pg_finfo_gin_compare_prefix_macaddr8
pg_finfo_gin_compare_prefix_money
pg_finfo_gin_compare_prefix_name
pg_finfo_gin_compare_prefix_numeric
pg_finfo_gin_compare_prefix_oid
pg_finfo_gin_compare_prefix_text
pg_finfo_gin_compare_prefix_time
pg_finfo_gin_compare_prefix_timestamp
pg_finfo_gin_compare_prefix_timestamptz
pg_finfo_gin_compare_prefix_timetz
pg_finfo_gin_compare_prefix_uuid
pg_finfo_gin_compare_prefix_varbit
pg_finfo_gin_enum_cmp
pg_finfo_gin_extract_query_anyenum
pg_finfo_gin_extract_query_bit
pg_finfo_gin_extract_query_bool
pg_finfo_gin_extract_query_bpchar
pg_finfo_gin_extract_query_bytea
pg_finfo_gin_extract_query_char
pg_finfo_gin_extract_query_cidr
pg_finfo_gin_extract_query_date
pg_finfo_gin_extract_query_float4
pg_finfo_gin_extract_query_float8
pg_finfo_gin_extract_query_inet
pg_finfo_gin_extract_query_int2
pg_finfo_gin_extract_query_int4
pg_finfo_gin_extract_query_int8
pg_finfo_gin_extract_query_interval
pg_finfo_gin_extract_query_macaddr
pg_finfo_gin_extract_query_macaddr8
pg_finfo_gin_extract_query_money
pg_finfo_gin_extract_query_name
pg_finfo_gin_extract_query_numeric
pg_finfo_gin_extract_query_oid
pg_finfo_gin_extract_query_text
pg_finfo_gin_extract_query_time
pg_finfo_gin_extract_query_timestamp
pg_finfo_gin_extract_query_timestamptz
pg_finfo_gin_extract_query_timetz
pg_finfo_gin_extract_query_uuid
pg_finfo_gin_extract_query_varbit
pg_finfo_gin_extract_value_anyenum
pg_finfo_gin_extract_value_bit
pg_finfo_gin_extract_value_bool
pg_finfo_gin_extract_value_bpchar
pg_finfo_gin_extract_value_bytea
pg_finfo_gin_extract_value_char
pg_finfo_gin_extract_value_cidr
pg_finfo_gin_extract_value_date
pg_finfo_gin_extract_value_float4
pg_finfo_gin_extract_value_float8
pg_finfo_gin_extract_value_inet
pg_finfo_gin_extract_value_int2
pg_finfo_gin_extract_value_int4
pg_finfo_gin_extract_value_int8
pg_finfo_gin_extract_value_interval
pg_finfo_gin_extract_value_macaddr
pg_finfo_gin_extract_value_macaddr8
pg_finfo_gin_extract_value_money
pg_finfo_gin_extract_value_name
pg_finfo_gin_extract_value_numeric
pg_finfo_gin_extract_value_oid
pg_finfo_gin_extract_value_text
pg_finfo_gin_extract_value_time
pg_finfo_gin_extract_value_timestamp
pg_finfo_gin_extract_value_timestamptz
pg_finfo_gin_extract_value_timetz
pg_finfo_gin_extract_value_uuid
pg_finfo_gin_extract_value_varbit
pg_finfo_gin_numeric_cmp

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b2916ca9f8fe83b7f676bd917c63f477

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

postgres.exe

msvcr120

kernel32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 88B

.pdata Size: 1024B - Virtual size: 636B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 16B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 88B

.pdata
Size: 1024B - Virtual size: 636B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 16B