ce287995f00c460b4d28250f0caa0b42efa301dad7e5d38988f3d05cf6f5d824

Sharing

Copy URL Twitter E-mail

General

Target

ce287995f00c460b4d28250f0caa0b42efa301dad7e5d38988f3d05cf6f5d824
Size

10KB
MD5

e44a7e81cc9e4b98bcd64ccbe12c5313
SHA1

5e0b042dfb1a553f965b6fb8393d3d97c44031ef
SHA256

ce287995f00c460b4d28250f0caa0b42efa301dad7e5d38988f3d05cf6f5d824
SHA512

40dca8546cad2ba6df963a308823fe720aefe187ae3b0d8aed6784c6d32a5af5f4af4c53338da3586e0433d6badec5fd77da212adc974fc3751793b4f55a2f4e
SSDEEP

192:XG5C1A4kc+9p/hIOA8rId4hYTu0/s3XXo6E:W5eA8+7KL4OL/EHo6E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ce287995f00c460b4d28250f0caa0b42efa301dad7e5d38988f3d05cf6f5d824

Files

ce287995f00c460b4d28250f0caa0b42efa301dad7e5d38988f3d05cf6f5d824
.dll windows:6 windows x64 arch:x64

45d289a6aed2e3a999f70bab75630dfc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Dev\work\NetVision\Dev\Install\Scripts\InnoSetup_MULTI\ProgramDir\PgBuild\postgresql\Release\test_rls_hooks\test_rls_hooks.pdb

Imports

postgres.exe

row_security_policy_hook_restrictive
row_security_policy_hook_permissive
newNodeMacroHolder
CurrentMemoryContext
addRTEtoQuery
addRangeTableEntryForRelation
assign_expr_collations
transformWhereClause
makeFuncCall
makeSimpleA_Expr
make_parsestate
construct_array
makeString
lcons
copyObjectImpl
pstrdup
palloc0
MemoryContextAllocZeroAligned

msvcr120

__clean_type_info_names_internal
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
__C_specific_handler
_initterm_e
_initterm
_malloc_crt
strcmp
__CppXcptFilter
_amsg_exit
free

kernel32

DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
DecodePointer
EncodePointer

Exports

Exports

Pg_magic_func
_PG_fini
_PG_init
test_rls_hooks_permissive
test_rls_hooks_restrictive

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

45d289a6aed2e3a999f70bab75630dfc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

postgres.exe

msvcr120

kernel32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 104B

.pdata Size: 512B - Virtual size: 216B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 16B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 104B

.pdata
Size: 512B - Virtual size: 216B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 16B