isolationtester[.]exe

General

Target

isolationtester.exe
Size

56KB
MD5

5cf3866c404cd64174731eb575527d79
SHA1

e3d44de6c536c120404bfec09e6a99564e28b2be
SHA256

81dd510ed15ab1fbd75aea9138239cdab7e771c5d9ffa7f69a0944616bf405ca
SHA512

549bb39959fb22a78eaf7e08462bf567b443972f3cff785810457d6034c12eee1132caa902ecc05ae54567edb1ebd81dce33c0bea904c420c162e10665d181f2
SSDEEP

768:MudlAxwzjQidHaA/UxRs4DIh4ZngNlIxSIGv7rieNBeLuBkK9nKKf9KGyxyw:TD0idHnQ64DelWgvSeeLuB5oGqZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
isolationtester.exe

Files

isolationtester.exe
.exe windows:5 windows x86 arch:x86

a37d34c136afbd8d08d6d7f2ec4064fb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\pginstaller.auto\postgres.windows\Release\isolationtester\isolationtester.pdb

Imports

ws2_32

select

libpq

ord118
ord110
ord23
ord24
ord25
ord26
ord33
ord66
ord65
ord106
ord34
ord35
ord37
ord45
ord48
ord69
ord67
ord91
ord75
ord21
ord16
ord15
ord14
ord4
ord120
ord121
ord1
ord122

kernel32

QueryPerformanceCounter
DecodePointer
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentProcessId
GetCurrentThreadId
EncodePointer
GetModuleHandleA
GetSystemTimeAsFileTime
GetProcAddress

msvcr120

bsearch
calloc
free
malloc
memmove
exit
clearerr
_strdup
fread
getc
_errno
memset
fwrite
sprintf
strrchr
isdigit
_dclass
strchr
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
__initenv
_fmode
_commode
?terminate@@YAXXZ
__crtSetUnhandledExceptionFilter
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
_invoke_watson
_controlfp_s
_except_handler4_common
setbuf
puts
__iob_func
realloc
strerror
ferror

libintl-8

libintl_gettext

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a37d34c136afbd8d08d6d7f2ec4064fb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

libpq

kernel32

msvcr120

libintl-8

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 24KB - Virtual size: 23KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 24KB - Virtual size: 23KB