f9f53a3b304dc2c82b8462c88513a07f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f9f53a3b304dc2c82b8462c88513a07f_JaffaCakes118
Size

124KB
MD5

f9f53a3b304dc2c82b8462c88513a07f
SHA1

0eb0c727fce941195d5849572c7242aced730b25
SHA256

5e5a94f0bccaf2575271bff467e337b6e0d434cc8705bd84c76167a53a7572bc
SHA512

040f15a9e572d21ecdb277cfc4da044ac2784b34f8a7e6b9d88639194d5afb253aefa7c601d86bcf2e2cdfaa99cc284146d3194f4bcc6ace31ee51e034ef1ad1
SSDEEP

3072:Lg4tP9hGaeOQAKFr3BepHhDsHo/6B5WKA3agZ:7t4yCRMwB4Z3N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f9f53a3b304dc2c82b8462c88513a07f_JaffaCakes118

Files

f9f53a3b304dc2c82b8462c88513a07f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b3c3d41674597c7cef5a43e8b335a203

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\pginstaller-repo\postgres.windows\Release\timetravel\timetravel.pdb

Imports

postgres.exe

elog_start
elog_finish
SPI_getrelname
SPI_fnumber
SPI_gettypeid
GetUserId
GetUserNameFromId
cstring_to_text
SPI_getbinval
GetCurrentAbsoluteTime
SPI_modifytuple
SPI_connect
CurrentMemoryContext
MemoryContextAlloc
pg_snprintf
SPI_prepare
SPI_result
SPI_saveplan
SPI_execp
SPI_finish
pg_strcasecmp
namestrcmp
nameout
DirectFunctionCall1
pfree

msvcr80

_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
free
tolower
malloc
realloc
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e

kernel32

GetProcAddress
LoadLibraryA
VirtualAlloc
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange

Exports

Exports

Pg_magic_func
get_timetravel
pg_finfo_get_timetravel
pg_finfo_set_timetravel
pg_finfo_timetravel
set_timetravel
timetravel

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 766B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b3c3d41674597c7cef5a43e8b335a203

Headers

File Characteristics

PDB Paths

Imports

postgres.exe

msvcr80

kernel32

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 2KB

.rsrc Size: 102KB - Virtual size: 102KB

.reloc Size: 1024B - Virtual size: 766B

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 102KB - Virtual size: 102KB

.reloc
Size: 1024B - Virtual size: 766B