f2e22cac55482ebcb85665be627d10056061aa5b9e87fc1eb7622816a7b2c683

Sharing

Copy URL Twitter E-mail

General

Target

f2e22cac55482ebcb85665be627d10056061aa5b9e87fc1eb7622816a7b2c683
Size

64KB
MD5

878caa9f1789effaacd8d547ef1227c0
SHA1

26816dc4bbd6669bea2d1891382574ad150c0826
SHA256

f2e22cac55482ebcb85665be627d10056061aa5b9e87fc1eb7622816a7b2c683
SHA512

9dcfc233d3b1ab81ccf0debd12fb9c4f465083cd21cd528c066876e667e1f99587c086191928ec462d7ce2c5842731e9c27aab012d16bd31d5b951b9237018a1
SSDEEP

1536:BchzxoFDABCY/rtnogQjaCmeeLuB5oGqZ:BcVxIZY/KRuO5oZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f2e22cac55482ebcb85665be627d10056061aa5b9e87fc1eb7622816a7b2c683

Files

f2e22cac55482ebcb85665be627d10056061aa5b9e87fc1eb7622816a7b2c683
.exe windows:6 windows x64 arch:x64

f42d9aabc6810673a9cf37a54a2fb191

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\pginstaller.auto\postgres.windows-x64\Release\isolationtester\isolationtester.pdb

Imports

ws2_32

select

libpq

ord118
ord110
ord23
ord24
ord25
ord26
ord33
ord66
ord65
ord106
ord34
ord35
ord37
ord45
ord48
ord69
ord67
ord91
ord75
ord21
ord16
ord15
ord14
ord4
ord120
ord121
ord1
ord122

kernel32

QueryPerformanceCounter
DecodePointer
IsDebuggerPresent
EncodePointer
GetCurrentProcessId
GetCurrentThreadId
IsProcessorFeaturePresent
GetProcAddress
GetModuleHandleA
GetSystemTimeAsFileTime

msvcr120

bsearch
calloc
free
memmove
strerror
exit
ferror
_strdup
getc
malloc
_errno
memset
fwrite
sprintf
strrchr
isdigit
_dclass
strchr
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
__C_specific_handler
__initenv
_fmode
_commode
__crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__crtCaptureCurrentContext
__crtCapturePreviousContext
?terminate@@YAXXZ
__crtSetUnhandledExceptionFilter
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
setbuf
puts
__iob_func
realloc
clearerr
fread

libintl-8

libintl_gettext

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f42d9aabc6810673a9cf37a54a2fb191

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

libpq

kernel32

msvcr120

libintl-8

Sections

.text Size: 27KB - Virtual size: 27KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 24KB - Virtual size: 23KB

.text
Size: 27KB - Virtual size: 27KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 24KB - Virtual size: 23KB