C:\Dev\work\NetVision\Dev\Install\Scripts\InnoSetup_MULTI\ProgramDir\PgBuild\postgresql\Release\pg_standby\pg_standby.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2433ae59e97da9a44646ff5674d70f782e1fa5a056d2b154e4b2655bde211a2e.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
2433ae59e97da9a44646ff5674d70f782e1fa5a056d2b154e4b2655bde211a2e.exe
Resource
win10v2004-20231222-en
General
-
Target
2433ae59e97da9a44646ff5674d70f782e1fa5a056d2b154e4b2655bde211a2e
-
Size
64KB
-
MD5
3e77d22a83bc9a529fb57151f94796f3
-
SHA1
0264a26d033fcb66c1a518a458b46435e17dda3e
-
SHA256
2433ae59e97da9a44646ff5674d70f782e1fa5a056d2b154e4b2655bde211a2e
-
SHA512
dc13e6ac19301eba511fd234065f10fe499cc6ed49a549aad328f38510812e995fe9cefa7d905253a3dac4f1920758527edfabac1437a51813ee93d6a8d11f2c
-
SSDEEP
768:C1ZoJfoMwQC2fms8uk4PVg9RAAMCzc6Okq2XbprGGUWeNBeLuBkK9nKKf9KGyxyw:C4foaC2G/AAPq52ZGgeeLuB5oGqZ
Malware Config
Signatures
-
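Unsigned PE (1 IoC)
The analysis checked the sample for an Authenticode signature and found none. An unsigned binary is not by itself evidence of malicious behaviour.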
resource 2433ae59e97da9a44646ff5674d70f782e1fa5a056d2b154e4b2655bde211a2e
Files
-
2433ae59e97da9a44646ff5674d70f782e1fa5a056d2b154e4b2655bde211a2e.exe windows:6 windows x64 arch:x64
ac9e54ff13e739639eb9abd20d9fee21
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
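PDB Paths (no entry appears under this heading; the only .pdb path on this page is the one ending in \Release\pg_standby\pg_standby.pdb, which presumably belongs here)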
Imports
kernel32
CreateDirectoryA
CreateFileA
GetFileAttributesA
GetFileAttributesExA
RemoveDirectoryA
CloseHandle
GetLastError
DeviceIoControl
LocalFree
FormatMessageA
MoveFileExA
MultiByteToWideChar
WideCharToMultiByte
GetShortPathNameA
SleepEx
LoadLibraryExA
FindClose
FindFirstFileA
FindNextFileA
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
EncodePointer
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
msvcr120
strspn
strcmp
memmove
strchr
_stat64i32
abort
getenv
free
malloc
strstr
isalpha
fwrite
sprintf
strnlen
strrchr
_dclass
memset
strerror
_fdopen
strncmp
_setmode
_open_osfhandle
_wassert
_popen
system
memcpy
isupper
islower
toupper
tolower
realloc
__crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__crtCaptureCurrentContext
__crtCapturePreviousContext
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
__C_specific_handler
__initenv
_fmode
_commode
?terminate@@YAXXZ
__crtSetUnhandledExceptionFilter
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
atoi
exit
_errno
sscanf
puts
fflush
__iob_func
_close
_chsize
_read
_unlink
_strdup
_getcwd
Sections
.text Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ