ed87693c0fcdfc83125ef53d14714353d34e5b89096cfe6e369a46cf9f82c097

Sharing

Copy URL Twitter E-mail

General

Target

ed87693c0fcdfc83125ef53d14714353d34e5b89096cfe6e369a46cf9f82c097
Size

34KB
MD5

5d019b6a1411fbbc45c0a3f24f42db90
SHA1

61c6113d0e52089cc5b535430da256d8bacddcd2
SHA256

ed87693c0fcdfc83125ef53d14714353d34e5b89096cfe6e369a46cf9f82c097
SHA512

3cc7cb09b1a90c64cc6c44a72e171d930e43df6d6a72948432aab5772663af2a4f87b7eab25161be240a0e928fd9051b48386d1ab57c512df626949b820e0a2f
SSDEEP

384:DdrrRD5b43XhYyyEgMzNriKr+54LZUdf193d5FHVyQc4D4PhYTn2dni5nC66gFZN:Brt5SdgmgyTLZUdfL3MlhK2d2TRhe+r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ed87693c0fcdfc83125ef53d14714353d34e5b89096cfe6e369a46cf9f82c097

Files

ed87693c0fcdfc83125ef53d14714353d34e5b89096cfe6e369a46cf9f82c097
.dll windows:6 windows x64 arch:x64

8a23283e84739ba370d68f1a7a6f930e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Dev\work\NetVision\Dev\Install\Scripts\InnoSetup_MULTI\ProgramDir\PgBuild\postgresql\Release\pg_stat_statements\pg_stat_statements.pdb

Imports

postgres.exe

LWLockRelease
RequestNamedLWLockTranche
GetNamedLWLockTranche
ShmemInitHash
ShmemInitStruct
add_size
RequestAddinShmemSpace
on_shmem_exit
DefineCustomBoolVariable
DefineCustomIntVariable
DefineCustomEnumVariable
EmitWarningsOnPlaceholders
standard_ProcessUtility
is_member_of_role
pg_strtouint64
cstring_to_text
hash_any_extended
LWLockAcquire
PG_exception_stack
CurrentMemoryContext
pgBufferUsage
ExecutorStart_hook
ExecutorRun_hook
ExecutorFinish_hook
ExecutorEnd_hook
IsUnderPostmaster
MyDatabaseId
work_mem
process_shared_preload_libraries_in_progress
post_parse_analyze_hook
ScanKeywords
ScanKeywordTokens
MainLWLockArray
shmem_startup_hook
ProcessUtility_hook
scanner_isspace
core_yylex
scanner_finish
scanner_init
GetUserId
check_stack_depth
pg_any_to_server
GetDatabaseEncoding
get_call_result_type
standard_ExecutorEnd
standard_ExecutorFinish
standard_ExecutorRun
standard_ExecutorStart
tuplestore_putvalues
tuplestore_begin_heap
s_lock
durable_rename
CloseTransientFile
OpenTransientFile
FreeFile
AllocateFile
hash_estimate_size
hash_seq_term
hash_seq_search
hash_seq_init
hash_get_num_entries
hash_search
InstrEndLoop
InstrAlloc
pfree
repalloc
palloc
pg_re_throw
elog_finish
elog_start
errdetail
errmsg
errcode_for_file_access
errcode
errfinish
errstart
pg_qsort
pgunlink
error_context_stack
pg_sprintf

kernel32

QueryPerformanceCounter
QueryPerformanceFrequency
EncodePointer
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer

msvcr120

_fileno
__clean_type_info_names_internal
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
__crtCapturePreviousContext
__crtCaptureCurrentContext
__crtTerminateProcess
_chsize
__crt_debugger_hook
__C_specific_handler
_initterm_e
_initterm
_malloc_crt
_amsg_exit
__CppXcptFilter
sqrt
memset
memcpy
_setjmp
_fstat64i32
strncmp
malloc
free
_errno
fwrite
fread
_lseek
__crtUnhandledException
_write
_read

Exports

Exports

Pg_magic_func
_PG_fini
_PG_init
pg_finfo_pg_stat_statements
pg_finfo_pg_stat_statements_1_2
pg_finfo_pg_stat_statements_1_3
pg_finfo_pg_stat_statements_reset
pg_finfo_pg_stat_statements_reset_1_7
pg_stat_statements
pg_stat_statements_1_2
pg_stat_statements_1_3
pg_stat_statements_reset
pg_stat_statements_reset_1_7

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8a23283e84739ba370d68f1a7a6f930e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

postgres.exe

kernel32

msvcr120

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 24B

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 24B