clusterdb[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

clusterdb.exe
Size

71KB
MD5

970ff3c5b4ff398dde81753ba6a1da55
SHA1

44f4bcd0761f0eda0c274125bba10b839bf26287
SHA256

2e565b13feccc33a20b745f00d2cbea70e3bd1b46c07e1de799566f074078b39
SHA512

92f74eefed9c863440dfb36d1b4d522b95f2081d65ca6caede4e26da26ad9d8681b6d76938983858bfba8e4a5d29a3fc804570f035270c1f5d6f6b3b2153df33
SSDEEP

1536:C1lMVvNFGyrljhBhobsBoiUtSVc6JB1Xl7eeLuB5oGqZ:C1lMxTGUjhBho4BoTtSe6J1hO5oZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
clusterdb.exe

Files

clusterdb.exe
.exe windows:5 windows x86 arch:x86

dce6d13e70636ac975114d92bfcb3aef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\pginstaller.auto\postgres.windows\Release\clusterdb\clusterdb.pdb

Imports

libintl-8

libintl_textdomain
libintl_gettext
libintl_bindtextdomain

libpq

ord33
ord21
ord140
ord14
ord122
ord121
ord120
ord156
ord68
ord75
ord91
ord70
ord67
ord69
ord48
ord113
ord72
ord126
ord64
ord77
ord76
ord130
ord45
ord34
ord15
ord7
ord4

kernel32

QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
GetCurrentThreadId
GetSystemTimeAsFileTime
GetCurrentProcessId
SleepEx
WideCharToMultiByte
MultiByteToWideChar
MoveFileExA
GetFileAttributesExA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetConsoleCtrlHandler
LocalAlloc
LocalFree
GetCurrentProcess
GetLastError
WaitForSingleObject
ReadFile
CloseHandle
DuplicateHandle
CreatePipe
CreateProcessA
GetCurrentDirectoryA
GetShortPathNameA
GetStdHandle
GetConsoleMode
SetConsoleMode
GetProcAddress
GetModuleHandleA
SetEnvironmentVariableA
DeviceIoControl
FormatMessageA
CreateDirectoryA
RemoveDirectoryA
CreateFileA
GetFileAttributesA
DecodePointer

advapi32

GetUserNameA
SetTokenInformation
GetLengthSid
InitializeAcl
GetAclInformation
AddAce
GetAce
GetTokenInformation
AddAccessAllowedAceEx

msvcr120

strchr
strstr
isupper
fputc
_pclose
_errno
strerror
strncpy
isalpha
memset
realloc
abort
strncmp
fwrite
sprintf
memmove
strrchr
isdigit
_dclass
strcspn
fclose
fgets
fopen
fputs
islower
toupper
tolower
_putenv
setlocale
memcpy
_stat32
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
__initenv
_fmode
_commode
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
?terminate@@YAXXZ
__crtSetUnhandledExceptionFilter
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
_invoke_watson
_controlfp_s
_except_handler4_common
_strdup
malloc
free
getenv
exit
_unlink
__iob_func
_getcwd
fflush

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dce6d13e70636ac975114d92bfcb3aef

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libintl-8

libpq

kernel32

advapi32

msvcr120

Sections

.text Size: 30KB - Virtual size: 30KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 24KB - Virtual size: 23KB

.text
Size: 30KB - Virtual size: 30KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 24KB - Virtual size: 23KB