079b85c829bc6a91810ea8004d8c183c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

079b85c829bc6a91810ea8004d8c183c_JaffaCakes118
Size

126KB
MD5

079b85c829bc6a91810ea8004d8c183c
SHA1

541c072fea60ed2afe8702796564cbedb2b72a75
SHA256

4f87f5c7ed6c39948bf1f65464060fdb99b4123ca8d9ed101822ceb88af0a037
SHA512

62c143ec07cbee8f5b2c79ca51b264f89f6d2186bcc8e21e747e2b67e62ac48fb3e2867273e614f22868cdf542b11b2af69eae9329eac5cfc9cecfd1019f62ff
SSDEEP

3072:1u/Cpr1hVKUYc7R38JdIyW94rGHohnGn:1lr6cVCIysHEn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
079b85c829bc6a91810ea8004d8c183c_JaffaCakes118

Files

079b85c829bc6a91810ea8004d8c183c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

5d16c0527960e5d4375d5d8d03d75d74

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\pginstaller-repo\postgres.windows\Release\euc_jp_and_sjis\euc_jp_and_sjis.pdb

Imports

postgres.exe

check_encoding_conversion_args
pg_encoding_verifymb
report_untranslatable_char
report_invalid_encoding

msvcr80

__clean_type_info_names_internal
__CppXcptFilter
__dllonexit
_lock
_onexit
_except_handler4_common
_crt_debugger_hook
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
_unlock

kernel32

GetProcAddress
LoadLibraryA
VirtualAlloc
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedCompareExchange
Sleep
InterlockedExchange
TerminateProcess

Exports

Exports

Pg_magic_func
euc_jp_to_mic
euc_jp_to_sjis
mic_to_euc_jp
mic_to_sjis
pg_finfo_euc_jp_to_mic
pg_finfo_euc_jp_to_sjis
pg_finfo_mic_to_euc_jp
pg_finfo_mic_to_sjis
pg_finfo_sjis_to_euc_jp
pg_finfo_sjis_to_mic
sjis_to_euc_jp
sjis_to_mic

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5d16c0527960e5d4375d5d8d03d75d74

Headers

File Characteristics

PDB Paths

Imports

postgres.exe

msvcr80

kernel32

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 102KB - Virtual size: 102KB

.reloc Size: 1024B - Virtual size: 590B

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 102KB - Virtual size: 102KB

.reloc
Size: 1024B - Virtual size: 590B