pg_dumpall[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

pg_dumpall.exe
Size

102KB
MD5

d58c398f8a3bcdfd3b2277f397f6bce7
SHA1

0440f001f2d0349c84c7db372c80c2857b573cf0
SHA256

8a161e098b953c4708f9acfe1a46bfe026ed4d2d78c7717d6e9f887de0a19f0c
SHA512

3d0372263520bd0b5b9deb76a493492e1eb7d632e9f5ccbbdf3c8bdbe9955f8e958b117aa13c8e084d87b9c8410774e819f55364cbd295e20bc04d1ab42e852f
SSDEEP

1536:81VGL95PkEU8fAzc2t1XzO+9vsHwfxz+HUIiSj6JfEluYeeLuB5oGqZ:8/4nMETIznpzgQfxKHUIiw6JSxO5oZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
pg_dumpall.exe

Files

pg_dumpall.exe
.exe windows:5 windows x86 arch:x86

1bcbfcdb80d2bbcaf9f809c2d319d120

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\pginstaller.auto\postgres.windows\Release\pg_dumpall\pg_dumpall.pdb

Imports

libintl-8

libintl_textdomain
libintl_gettext
libintl_bindtextdomain

libpq

ord130
ord64
ord126
ord67
ord69
ord92
ord48
ord47
ord38
ord33
ord21
ord72
ord140
ord15
ord113
ord97
ord14
ord78
ord152
ord4
ord156
ord68
ord75
ord91
ord45
ord77
ord76
ord90
ord70
ord34

kernel32

DecodePointer
EncodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCurrentThreadId
SleepEx
WideCharToMultiByte
MultiByteToWideChar
MoveFileExA
GetFileAttributesExA
GetFileAttributesA
CreateFileA
RemoveDirectoryA
CreateDirectoryA
FormatMessageA
DeviceIoControl
SetEnvironmentVariableA
GetModuleHandleA
GetProcAddress
SetConsoleMode
LocalAlloc
LocalFree
GetCurrentProcess
GetLastError
WaitForSingleObject
ReadFile
CloseHandle
DuplicateHandle
CreatePipe
CreateProcessA
GetCurrentDirectoryA
GetShortPathNameA
GetStdHandle
GetConsoleMode

advapi32

SetTokenInformation
GetLengthSid
InitializeAcl
GetAclInformation
AddAce
GetAce
AddAccessAllowedAceEx
GetTokenInformation

msvcr120

_unlink
fopen
puts
_errno
exit
strtoul
strerror
_localtime32
strftime
_time32
malloc
strstr
isupper
fputc
_pclose
getenv
strncpy
isalpha
memset
realloc
fclose
toupper
tolower
fwrite
sprintf
memmove
strrchr
isdigit
_dclass
fgets
fputs
_popen
system
memcpy
strcspn
_putenv
setlocale
_stat32
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
__initenv
_fmode
_commode
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
?terminate@@YAXXZ
__crtSetUnhandledExceptionFilter
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
_invoke_watson
_controlfp_s
_except_handler4_common
_strdup
__iob_func
strchr
free
abort
islower
_getcwd
strncmp
fflush

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1bcbfcdb80d2bbcaf9f809c2d319d120

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libintl-8

libpq

kernel32

advapi32

msvcr120

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 24KB - Virtual size: 23KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 24KB - Virtual size: 23KB