C:\Dev\work\NetVision\Dev\Install\Scripts\InnoSetup_MULTI\ProgramDir\PgBuild\postgresql\Release\postgres\postgres.pdb
Static task
static1
Behavioral task
behavioral1
Sample
1feb33d5a694b95524eec12de3d12e577182a99c9a9e8c6b4af891decc3e7191.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
1feb33d5a694b95524eec12de3d12e577182a99c9a9e8c6b4af891decc3e7191.exe
Resource
win10v2004-20231215-en
General
-
Target
1feb33d5a694b95524eec12de3d12e577182a99c9a9e8c6b4af891decc3e7191
-
Size
7.2MB
-
MD5
3c67ce3cfa5abd6ab1c448631dda22f5
-
SHA1
9b5168feb77019fce419598ba0dd737a25f70966
-
SHA256
1feb33d5a694b95524eec12de3d12e577182a99c9a9e8c6b4af891decc3e7191
-
SHA512
8aa9363261c439008b63f87c607504c983365d8c4a2868530cd91d31d8182b4e13e782b4904262b7480574b33f168bad78029d04d3e4e86efa38efb3668e0239
-
SSDEEP
196608:dIodu7HvWEZaGG/Gj+zvPXVzNEgZZSh/fDgV:dIodu7HvWEZHG/Gj+zvPXVzmgZZShXDu
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature. On its own this is a weak indicator: the PDB path, the ssleay32/libeay32 (OpenSSL) and msvcr120 (MSVC 2013 CRT) imports, and the exported symbols below are all consistent with a locally built, unsigned PostgreSQL server binary rather than a packed or obfuscated sample, so the absence of a signature should be weighed against provenance of the build rather than treated as malicious by itself.
resource 1feb33d5a694b95524eec12de3d12e577182a99c9a9e8c6b4af891decc3e7191
Files
-
1feb33d5a694b95524eec12de3d12e577182a99c9a9e8c6b4af891decc3e7191.exe windows:6 windows x64 arch:x64
2053f20fc6a7aab4d63d40e75cb14232
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ssleay32
ord286
ord96
ord16
ord183
ord49
ord141
ord272
ord71
ord58
ord6
ord108
ord78
ord35
ord48
ord75
ord15
ord12
ord8
ord180
ord127
ord128
ord130
ord83
ord24
ord222
ord73
ord74
ord61
ord21
ord17
ord5
ord111
libeay32
ord567
ord3823
ord3846
ord78
ord66
ord109
ord52
ord53
ord95
ord1882
ord98
ord86
ord129
ord1002
ord9
ord2432
ord361
ord363
ord364
ord365
ord4513
ord3315
ord316
ord3353
ord3422
ord202
ord200
ord2596
ord628
ord639
ord641
ord4701
ord656
ord653
ord657
ord576
ord581
ord578
ord566
ord395
ord385
ord3188
ord252
ord227
ord222
ord253
ord3631
ord3581
ord3356
ord3633
ord3740
ord3551
ord3737
ord3712
ord3765
ord3479
ord3560
ord3562
ord181
secur32
AcquireCredentialsHandleA
FreeCredentialsHandle
AcceptSecurityContext
DeleteSecurityContext
FreeContextBuffer
TranslateNameA
ws2_32
recvfrom
sendto
WSAGetLastError
WSAIoctl
WSASocketA
getsockname
getsockopt
setsockopt
WSAStartup
__WSAFDIsSet
bind
ioctlsocket
listen
WSAAccept
WSACloseEvent
WSAConnect
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSARecv
WSASend
WSADuplicateSocketA
gethostbyname
closesocket
wldap32
ord50
ord60
ord211
ord136
ord46
ord13
ord217
ord41
ord22
ord26
ord36
ord30
ord200
ord16
ord143
kernel32
EncodePointer
DecodePointer
IsProcessorFeaturePresent
IsDebuggerPresent
GetModuleHandleExA
SetEnvironmentVariableA
LoadLibraryExA
SetConsoleMode
GetConsoleMode
GetShortPathNameA
CallNamedPipeA
OpenProcess
GetModuleHandleA
GetProcessTimes
MoveFileExA
DeviceIoControl
RemoveDirectoryA
GetFileAttributesExA
CreateDirectoryA
FindNextFileA
FindFirstFileA
FindClose
LocalFree
LocalAlloc
GetCurrentDirectoryA
WriteConsoleW
GetACP
GetStdHandle
WideCharToMultiByte
MultiByteToWideChar
WaitForMultipleObjects
VirtualQuery
CreatePipe
RegisterWaitForSingleObject
UnregisterWaitEx
MapViewOfFile
CreateProcessA
ResumeThread
GetExitCodeProcess
TerminateProcess
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
OpenFileMappingA
CreateFileMappingA
GetLargePageMinimum
UnmapViewOfFile
MapViewOfFileEx
VirtualAllocEx
VirtualFree
VirtualAlloc
Sleep
SetLastError
DuplicateHandle
GetFullPathNameA
CreateSemaphoreA
ReleaseSemaphore
WaitForSingleObjectEx
WaitForMultipleObjectsEx
SetConsoleCtrlHandler
CreateNamedPipeA
CreateThread
GetCurrentProcessId
CreateEventA
SleepEx
WaitForSingleObject
ResetEvent
SetEvent
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DisconnectNamedPipe
ConnectNamedPipe
WriteFile
ReadFile
FlushFileBuffers
GetTickCount
GetProcessId
GetCurrentThreadId
GetCurrentProcess
SetUnhandledExceptionFilter
GetFileAttributesA
CreateFileA
VerifyVersionInfoW
SetErrorMode
VerSetConditionMask
LoadLibraryA
FormatMessageA
GetProcAddress
FreeLibrary
GetLastError
CloseHandle
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemTimeAsFileTime
advapi32
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
CryptGenRandom
CryptAcquireContextA
GetUserNameA
SetTokenInformation
InitializeAcl
GetLengthSid
GetAclInformation
GetAce
AddAce
AddAccessAllowedAceEx
ReportEventW
ReportEventA
RegisterEventSourceA
LookupAccountSidA
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
GetTokenInformation
msvcr120
_amsg_exit
_XcptFilter
_onexit
__C_specific_handler
__dllonexit
_calloc_crt
_unlock
_lock
_free_locale
__crtCapturePreviousContext
__crtCaptureCurrentContext
__crtTerminateProcess
__crtUnhandledException
__crt_debugger_hook
system
_popen
setlocale
_putenv
strtof
strerror
sprintf
_close
_fdopen
ldexp
_fseeki64
_wassert
_strtoui64
mbstowcs
_mbstowcs_l
wcstombs
_wcstombs_l
strxfrm
localeconv
_create_locale
_localtime64
wcsftime
strcspn
_stat64i32
_strcoll_l
_strxfrm_l
wcscoll
_wcscoll_l
freopen
longjmp
_getcwd
memchr
strnlen
__getmainargs
__set_app_type
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
__initenv
_fmode
_commode
?terminate@@YAXXZ
__crtSetUnhandledExceptionFilter
_chsize
_lseek
_write
_read
_getpid
_access
_isatty
_umask
_rmdir
_chmod
_strdup
_dup2
_mkdir
_dup
_chdir
_unlink
strcoll
memmove
memcmp
memcpy
memset
strchr
strncmp
rint
pow
_dclass
_fdclass
ceil
bsearch
sscanf
_errno
_setjmp
_time64
strcmp
strtol
strncpy
strspn
ferror
fgets
isspace
strtoul
_fstat64i32
fflush
fgetc
fread
fscanf
fwrite
strstr
__iob_func
clearerr
getc
exit
free
malloc
realloc
atoi
floor
sqrt
isalpha
isdigit
isxdigit
tolower
atof
strpbrk
strrchr
strtod
log
strtok
feof
_utime64
fputs
setvbuf
abort
getenv
_set_FMA3_enable
atol
isupper
_exit
fputc
fclose
puts
_atoi64
calloc
_environ
_fileno
ftell
_endthread
_beginthreadex
_setmode
_get_osfhandle
_open_osfhandle
__pctype_func
_isctype_l
islower
ispunct
isalnum
isprint
isgraph
toupper
_tolower_l
_toupper_l
towupper
_towupper_l
towlower
_towlower_l
iswctype
fseek
_pclose
_commit
exp
acosh
asinh
atanh
acos
asin
atan
atan2
cos
cosh
fmod
log10
sin
sinh
tan
tanh
_HUGE
Exports
ATExecChangeOwner
AbortBufferIO
AbortCurrentTransaction
AbortOutOfAnyTransaction
AbortStrongLockAcquire
AbsorbSyncRequests
AcceptInvalidationMessages
AcquireDeletionLock
AcquireRewriteLocks
ActivePortal
ActiveSnapshotSet
AddEnumLabel
AddInvertedQual
AddQual
AddRelationNewConstraints
AddSubscriptionRelState
AddToDataDirLockFile
AddUserToTokenDacl
AddWaitEventToSet
AdvanceNextFullTransactionIdPastXid
AdvanceOldestClogXid
AdvanceOldestCommitTsXid
AfterTriggerBeginQuery
AfterTriggerBeginSubXact
AfterTriggerBeginXact
AfterTriggerEndQuery
AfterTriggerEndSubXact
AfterTriggerEndXact
AfterTriggerFireDeferred
AfterTriggerPendingOnRel
AfterTriggerSetState
AggCheckCallContext
AggGetAggref
AggGetTempMemoryContext
AggRegisterCallback
AggStateIsShared
AggregateCreate
AllocSetContextCreateInternal
AllocateDir
AllocateFile
AllocateSnapshotBuilder
AlterCollation
AlterConstraintNamespaces
AlterDatabase
AlterDatabaseOwner
AlterDatabaseSet
AlterDomainAddConstraint
AlterDomainDefault
AlterDomainDropConstraint
AlterDomainNotNull
AlterDomainValidateConstraint
AlterEnum
AlterEventTrigger
AlterEventTriggerOwner
AlterEventTriggerOwner_oid
AlterExtensionNamespace
AlterForeignDataWrapper
AlterForeignDataWrapperOwner
AlterForeignDataWrapperOwner_oid
AlterForeignServer
AlterForeignServerOwner
AlterForeignServerOwner_oid
AlterFunction
AlterObjectNamespace_oid
AlterObjectOwner_internal
AlterOpFamily
AlterOperator
AlterPolicy
AlterPublication
AlterPublicationOwner
AlterPublicationOwner_oid
AlterRelationNamespaceInternal
AlterRole
AlterRoleSet
AlterSchemaOwner
AlterSchemaOwner_oid
AlterSequence
AlterSetting
AlterSubscription
AlterSubscriptionOwner
AlterSubscriptionOwner_oid
AlterSystemSetConfigFile
AlterTSConfiguration
AlterTSDictionary
AlterTable
AlterTableCreateToastTable
AlterTableGetLockLevel
AlterTableGetRelOptionsLockLevel
AlterTableInternal
AlterTableLookupRelation
AlterTableMoveAll
AlterTableNamespace
AlterTableNamespaceInternal
AlterTableSpaceOptions
AlterTypeNamespace
AlterTypeNamespaceInternal
AlterTypeNamespace_oid
AlterTypeOwner
AlterTypeOwnerInternal
AlterTypeOwner_oid
AlterUserMapping
ApplyContext
ApplyLauncherMain
ApplyLauncherRegister
ApplyLauncherShmemInit
ApplyLauncherShmemSize
ApplyLauncherWakeupAtCommit
ApplySetting
ApplyWorkerMain
ArchiveRecoveryRequested
ArrayCheckBounds
ArrayGetIntegerTypmods
ArrayGetNItems
ArrayGetOffset
ArrayGetOffset0
Array_nulls
AssignPostmasterChildSlot
AssignTypeArrayOid
AsyncShmemInit
AsyncShmemSize
Async_Listen
Async_Notify
Async_Unlisten
Async_UnlistenAll
AtAbort_Notify
AtAbort_Portals
AtAbort_Twophase
AtCCI_RelationMap
AtCleanup_Portals
AtCommit_Notify
AtEOSubXact_ApplyLauncher
AtEOSubXact_Files
AtEOSubXact_HashTables
AtEOSubXact_Inval
AtEOSubXact_LargeObject
AtEOSubXact_Namespace
AtEOSubXact_Parallel
AtEOSubXact_PgStat
AtEOSubXact_RelationCache
AtEOSubXact_SPI
AtEOSubXact_on_commit_actions
AtEOXact_ApplyLauncher
AtEOXact_Buffers
AtEOXact_ComboCid
AtEOXact_Enum
AtEOXact_Files
AtEOXact_GUC
AtEOXact_HashTables
AtEOXact_Inval
AtEOXact_LargeObject
AtEOXact_LocalBuffers
AtEOXact_MultiXact
AtEOXact_Namespace
AtEOXact_Parallel
AtEOXact_PgStat
AtEOXact_RelationCache
AtEOXact_RelationMap
AtEOXact_SMgr
AtEOXact_SPI
AtEOXact_Snapshot
AtEOXact_on_commit_actions
AtPrepare_Locks
AtPrepare_MultiXact
AtPrepare_Notify
AtPrepare_PgStat
AtPrepare_PredicateLocks
AtPrepare_RelationMap
AtProcExit_LocalBuffers
AtStart_GUC
AtSubAbort_Notify
AtSubAbort_Portals
AtSubAbort_Snapshot
AtSubAbort_smgr
AtSubCleanup_Portals
AtSubCommit_Notify
AtSubCommit_Portals
AtSubCommit_Snapshot
AtSubCommit_smgr
AtSubStart_Notify
AttachSerializableXact
AttachSession
AuthenticationTimeout
AutoVacLauncherMain
AutoVacWorkerFailed
AutoVacWorkerMain
AutoVacuumRequestWork
AutoVacuumShmemInit
AutoVacuumShmemSize
AutoVacuumUpdateDelay
AutoVacuumingActive
AutovacuumLauncherIAm
AutovacuumLauncherPid
AutovacuumWorkerIAm
AuxProcessResourceOwner
AuxiliaryPidGetProc
AuxiliaryProcessMain
AuxiliaryProcs
BTreeShmemInit
BTreeShmemSize
BackendIdGetProc
BackendIdGetTransactionIds
BackendPidGetProc
BackendPidGetProcWithLock
BackendStatusShmemSize
BackendWritebackContext
BackendXidGetPid
BackgroundWorkerBlockSignals
BackgroundWorkerEntry
BackgroundWorkerInitializeConnection
BackgroundWorkerInitializeConnectionByOid
BackgroundWorkerList
BackgroundWorkerShmemInit
BackgroundWorkerShmemSize
BackgroundWorkerStateChange
BackgroundWorkerStopNotifications
BackgroundWorkerUnblockSignals
BackgroundWriterMain
BackupInProgress
BarrierArriveAndDetach
BarrierArriveAndWait
BarrierAttach
BarrierDetach
BarrierInit
BarrierParticipants
BarrierPhase
BaseInit
BasicOpenFile
BasicOpenFilePerm
BecomeLockGroupLeader
BecomeLockGroupMember
BeginCommand
BeginCopyFrom
BeginImplicitTransactionBlock
BeginInternalSubTransaction
BeginReportingGUCOptions
BeginTransactionBlock
BgBufferSync
BgWriterDelay
BipartiteMatch
BipartiteMatchFree
BlessTupleDesc
BlockSampler_HasMore
BlockSampler_Init
BlockSampler_Next
BootStrapCLOG
BootStrapCommitTs
BootStrapMultiXact
BootStrapSUBTRANS
BootStrapXLOG
BootstrapToastTable
BufFileAppend
BufFileClose
BufFileCreateShared
BufFileCreateTemp
BufFileDeleteShared
BufFileExportShared
BufFileOpenShared
BufFileRead
BufFileSeek
BufFileSeekBlock
BufFileSize
BufFileTell
BufFileWrite
BufTableDelete
BufTableHashCode
BufTableInsert
BufTableLookup
BufTableShmemSize
BufferBlocks
BufferDescriptors
BufferGetBlockNumber
BufferGetLSNAtomic
BufferGetTag
BufferIOLWLockArray
BufferIsPermanent
BufferShmemSize
BufmgrCommit
BuildDescForRelation
BuildDescFromLists
BuildDummyIndexInfo
BuildIndexInfo
BuildIndexValueDescription
BuildOnConflictExcludedTargetlist
BuildRelationExtStatistics
BuildSpeculativeIndexInfo
BuildTupleFromCStrings
BuildTupleHashTable
BuildTupleHashTableExt
CLOGShmemBuffers
CLOGShmemInit
CLOGShmemSize
CacheInvalidateCatalog
CacheInvalidateHeapTuple
CacheInvalidateRelcache
CacheInvalidateRelcacheAll
CacheInvalidateRelcacheByRelid
CacheInvalidateRelcacheByTuple
CacheInvalidateRelmap
CacheInvalidateSmgr
CacheMemoryContext
CacheRegisterRelcacheCallback
CacheRegisterSyscacheCallback
CachedPlanGetTargetList
CachedPlanIsValid
CachedPlanSetParentContext
CallStmtResultDesc
CallSyscacheCallbacks
CallerFInfoFunctionCall1
CallerFInfoFunctionCall2
CancelBackup
CancelDBBackends
CancelVirtualTransaction
CatCacheInvalidate
CatalogCacheFlushCatalog
CatalogCloseIndexes
CatalogOpenIndexes
CatalogSnapshotData
CatalogTupleDelete
CatalogTupleInsert
CatalogTupleInsertWithInfo
CatalogTupleUpdate
CatalogTupleUpdateWithInfo
ChangeToDataDir
ChangeVarNodes
CheckAttributeNamesTypes
CheckAttributeType
CheckCmdReplicaIdentity
CheckDateTokenTables
CheckDeadLockAlert
CheckExprStillValid
CheckForSerializableConflictIn
CheckForSerializableConflictOut
CheckFunctionValidatorAccess
CheckIndexCompatible
CheckLogicalDecodingRequirements
CheckLogrotateSignal
CheckPointBuffers
CheckPointCLOG
CheckPointCommitTs
CheckPointCompletionTarget
CheckPointLogicalRewriteHeap
CheckPointMultiXact
CheckPointPredicate
CheckPointRelationMap
CheckPointReplicationOrigin
CheckPointReplicationSlots
CheckPointSUBTRANS
CheckPointSnapBuild
CheckPointTimeout
CheckPointTwoPhase
CheckPointWarning
CheckPostmasterSignal
CheckPromoteSignal
CheckRecoveryConflictDeadlock
CheckRelationLockedByMe
CheckSelectLocking
CheckSetNamespace
CheckSlotRequirements
CheckSubscriptionRelkind
CheckTableForSerializableConflictIn
CheckTableNotInUse
CheckValidResultRel
CheckXLogRemoved
CheckpointWriteDelay
CheckpointerMain
CheckpointerShmemInit
CheckpointerShmemSize
ChooseConstraintName
ChoosePortalStrategy
ChooseRelationName
ClientAuthInProgress
ClientAuthentication
ClientAuthentication_hook
ClientConnectionLost
ClosePipeStream
ClosePostmasterPorts
CloseTransientFile
CollationCreate
CollationGetCollid
CollationIsVisible
CommandCounterIncrement
CommandEndInvalidationMessages
CommandIsReadOnly
CommentObject
CommitDelay
CommitSiblings
CommitTransactionCommand
CommitTsParameterChange
CommitTsShmemBuffers
CommitTsShmemInit
CommitTsShmemSize
CommuteOpExpr
CompareIndexInfo
CompleteCachedPlan
CompleteCommitTsInitialization
ComputeIoConcurrency
ConditionVariableBroadcast
ConditionVariableCancelSleep
ConditionVariableInit
ConditionVariablePrepareToSleep
ConditionVariableSignal
ConditionVariableSleep
ConditionalLockBuffer
ConditionalLockBufferForCleanup
ConditionalLockPage
ConditionalLockRelation
ConditionalLockRelationForExtension
ConditionalLockRelationOid
ConditionalLockTuple
ConditionalXactLockTableWait
ConfigFileName
ConfigReloadPending
ConstraintNameExists
ConstraintNameIsUsed
ConstraintSetParentConstraint
ConversionCreate
ConversionGetConid
ConversionIsVisible
ConvertTimeZoneAbbrevs
CopyArrayEls
CopyCachedPlan
CopyErrorData
CopyFrom
CopyFromErrorCallback
CopyIndexTuple
CopyOverrideSearchPath
CopyStatistics
CopyTriggerDesc
CountDBBackends
CountDBConnections
CountDBSubscriptions
CountOtherDBBackends
CountUserBackends
CreateAccessMethod
CreateAuxProcessResourceOwner
CreateCacheMemoryContext
CreateCachedPlan
CreateCast
CreateCheckPoint
CreateCommandTag
CreateComments
CreateConstraintEntry
CreateConversionCommand
CreateCopyDestReceiver
CreateDataDirLockFile
CreateDecodingContext
CreateDestReceiver
CreateEventTrigger
CreateExecutorState
CreateExprContext
CreateExtension
CreateFakeRelcacheEntry
CreateForeignDataWrapper
CreateForeignServer
CreateForeignTable
CreateFunction
CreateInitDecodingContext
CreateIntoRelDestReceiver
CreateLWLocks
CreateNewPortal
CreateOneShotCachedPlan
CreateParallelContext
CreatePartitionDirectory
CreatePolicy
CreatePortal
CreateProceduralLanguage
CreatePublication
CreateQueryDesc
CreateRestartPoint
CreateRole
CreateSQLFunctionDestReceiver
CreateSchemaCommand
CreateSharedBackendStatus
CreateSharedComments
CreateSharedInvalidationState
CreateSharedMemoryAndSemaphores
CreateSharedProcArray
CreateSocketLockFile
CreateStandaloneExprContext
CreateStatistics
CreateSubscription
CreateTableSpace
CreateTemplateTupleDesc
CreateTransform
CreateTransientRelDestReceiver
CreateTrigger
CreateTriggerFiringOn
CreateTupleDesc
CreateTupleDescCopy
CreateTupleDescCopyConstr
CreateTupleQueueDestReceiver
CreateTupleQueueReader
CreateTuplestoreDestReceiver
CreateUserMapping
CreateWaitEventSet
CritSectionCount
CurTransactionContext
CurTransactionResourceOwner
CurrentExtensionObject
CurrentMemoryContext
Sections
.text Size: 4.7MB - Virtual size: 4.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 54KB - Virtual size: 267KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 261KB - Virtual size: 260KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ