526e29b293f3d65d69737bddaa91f2b802993123da98788dfafd304e9a9f901a

Sharing

Copy URL Twitter E-mail

General

Target

526e29b293f3d65d69737bddaa91f2b802993123da98788dfafd304e9a9f901a
Size

175KB
MD5

632c28784b1f7c870c4704b6a2adf4d5
SHA1

241bec8a53e2159a482cec2957221dd9846d87e9
SHA256

526e29b293f3d65d69737bddaa91f2b802993123da98788dfafd304e9a9f901a
SHA512

4815c7a85a3bd20bd05294ef76ade2a59219ea24a3c1610a9515f9e024a40abadac3879f5b4c5e2ca39bb62e527892d62215f39b6ba602406d4550e8d8088ad6
SSDEEP

3072:ed2GTofAgJg+qVPlCzkczL9Bt7iCLPKZlRA5O5oZ:k22okyv9Bt7iEPKZfbGZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
526e29b293f3d65d69737bddaa91f2b802993123da98788dfafd304e9a9f901a

Files

526e29b293f3d65d69737bddaa91f2b802993123da98788dfafd304e9a9f901a
.exe windows:6 windows x64 arch:x64

0e672f47ac0596009945e2c8d922e3eb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Dev\work\NetVision\Dev\Install\Scripts\InnoSetup_MULTI\ProgramDir\PgBuild\postgresql\Release\initdb\initdb.pdb

Imports

libpq

ord68
ord130
ord70
ord67
ord69
ord64
ord126
ord72
ord113
ord75
ord91
ord76
ord77

ws2_32

WSAGetLastError
WSAStartup
gethostbyname

kernel32

GetCurrentDirectoryA
ReadFile
CloseHandle
DuplicateHandle
GetLastError
CreatePipe
WaitForSingleObject
GetCurrentProcess
CreateProcessA
LocalAlloc
LocalFree
GetStdHandle
GetConsoleMode
DecodePointer
GetCommandLineA
GetExitCodeProcess
ResumeThread
FreeLibrary
GetProcAddress
LoadLibraryA
CreateFileA
CreateDirectoryA
GetFileAttributesA
GetFileAttributesExA
RemoveDirectoryA
DeviceIoControl
FormatMessageA
MoveFileExA
MultiByteToWideChar
WideCharToMultiByte
SetEnvironmentVariableA
GetModuleHandleExA
GetShortPathNameA
LoadLibraryExA
FindClose
FindFirstFileA
FindNextFileA
SleepEx
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
EncodePointer
IsProcessorFeaturePresent
SetConsoleMode
GetSystemTimeAsFileTime
IsDebuggerPresent

advapi32

GetAce
AddAccessAllowedAceEx
RegQueryValueExA
GetUserNameA
CreateProcessAsUserA
FreeSid
AllocateAndInitializeSid
OpenProcessToken
SetTokenInformation
InitializeAcl
GetTokenInformation
GetLengthSid
GetAclInformation
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
AddAce

msvcr120

_localtime64
_time64
memset
fclose
ferror
fflush
fgetc
fgets
fputs
strftime
rewind
setvbuf
_errno
exit
strtol
free
strchr
strncmp
strstr
isalpha
memcpy
strcmp
malloc
memmove
strspn
isupper
fputc
_pclose
strncpy
realloc
_commit
strtok
_vacopy
fwrite
sprintf
strnlen
strrchr
_dclass
_fdopen
_close
_setmode
_open_osfhandle
_wassert
_stat64i32
setlocale
_putenv
abort
islower
toupper
tolower
strerror
_fileno
_get_osfhandle
_popen
system
_create_locale
_free_locale
signal
atoi
strcspn
isdigit
isxdigit
isspace
__crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__crtCaptureCurrentContext
__crtCapturePreviousContext
_lock
_unlock
_calloc_crt
__dllonexit
__C_specific_handler
_onexit
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
__initenv
_fmode
_commode
?terminate@@YAXXZ
__crtSetUnhandledExceptionFilter
getenv
isalnum
__iob_func
_strdup
_rmdir
_isatty
_unlink
puts
_mkdir
_chmod
_umask
_read
_getcwd

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e672f47ac0596009945e2c8d922e3eb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libpq

ws2_32

kernel32

advapi32

msvcr120

Sections

.text Size: 78KB - Virtual size: 77KB

.rdata Size: 67KB - Virtual size: 66KB

.data Size: 1KB - Virtual size: 30KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 24KB - Virtual size: 23KB

.text
Size: 78KB - Virtual size: 77KB

.rdata
Size: 67KB - Virtual size: 66KB

.data
Size: 1KB - Virtual size: 30KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 24KB - Virtual size: 23KB