pg_restore[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

pg_restore.exe
Size

153KB
MD5

2b4aa05f8580d96bbbbe60ee639b42e0
SHA1

b0e0941707c1ae738b7712d2baa63ce1f6b42496
SHA256

ffa9d482dbcec677fa3c1eb88f1072d03e8c148ae1701805435a0dbc70879892
SHA512

8c81056a7edf4cd46817649526c6d4f7961a7319d19adccb5ac53fd890bda83a7d1973e405d286ed41e1f68024ffdd4c6881d19ee49841779c60903241b09b8a
SSDEEP

3072:km94af2Bxer9lMj7Y4raOAjZcJP8h1aAQQz60OkBIYnNH6JfhO5oZ:kg4aOBxer9unpGO8Zcx8LaAQ50kYNH6p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
pg_restore.exe

Files

pg_restore.exe
.exe windows:5 windows x86 arch:x86

3f656d5cbd44281fadbfa31e996a31ad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\pginstaller.auto\postgres.windows\Release\pg_restore\pg_restore.pdb

Imports

zlib1

gzdopen
gzopen
inflateInit_
deflateInit_
gzclose
gzeof
gzgetc
gzgets
gzwrite
gzread
inflateEnd
inflate
deflateEnd
deflate

libintl-8

libintl_textdomain
libintl_bindtextdomain
libintl_ngettext
libintl_gettext

libpq

ord72
ord126
ord64
ord130
ord34
ord45
ord104
ord77
ord76
ord70
ord90
ord91
ord75
ord68
ord120
ord121
ord122
ord21
ord33
ord48
ord7
ord103
ord24
ord20
ord138
ord140
ord97
ord96
ord14
ord9
ord4
ord156
ord67
ord69
ord92
ord115
ord123
ord56
ord54
ord53
ord15
ord113
ord11
ord10
ord8

ws2_32

WSAGetLastError
WSACleanup
WSAStartup
socket
send
select
recv
listen
htons
htonl
getsockname
connect
closesocket
bind
accept
__WSAFDIsSet

kernel32

SleepEx
DecodePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
EncodePointer
IsProcessorFeaturePresent
IsDebuggerPresent
SetEnvironmentVariableA
GetModuleHandleA
GetProcAddress
FindNextFileA
FindFirstFileA
FindClose
SetConsoleMode
GetConsoleMode
GetStdHandle
WideCharToMultiByte
MultiByteToWideChar
MoveFileExA
GetFileAttributesExA
GetFileAttributesA
CreateFileA
RemoveDirectoryA
CreateDirectoryA
FormatMessageA
DeviceIoControl
GetCurrentDirectoryA
CreateProcessA
CreatePipe
DuplicateHandle
ReadFile
WaitForSingleObject
GetLastError
GetCurrentProcess
LocalFree
LocalAlloc
SetConsoleCtrlHandler
TlsSetValue
TlsGetValue
TlsAlloc
CloseHandle
WaitForMultipleObjects
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
TerminateThread
GetCurrentThreadId
GetShortPathNameA

advapi32

AddAccessAllowedAceEx
GetAce
AddAce
GetAclInformation
InitializeAcl
GetLengthSid
SetTokenInformation
GetTokenInformation

msvcr120

__setusermatherr
_initterm_e
_initterm
__initenv
_fmode
_commode
?terminate@@YAXXZ
__crtSetUnhandledExceptionFilter
_lock
_unlock
_calloc_crt
__dllonexit
_getcwd
_onexit
_controlfp_s
_except_handler4_common
_strdup
_fileno
_write
_fdopen
_dup
_setmode
_mkdir
_open
_umask
_unlink
_invoke_watson
fclose
feof
fgetc
fgets
fopen
fread
fwrite
_errno
free
strerror
abort
strchr
strncmp
__iob_func
fflush
sscanf
_beginthreadex
_endthreadex
memset
ferror
_fseeki64
_ftelli64
strtol
strspn
strstr
_localtime32
strftime
_time32
_mktime32
memcpy
fputc
getc
strncpy
_tempnam
atoi
strtoul
exit
puts
malloc
isupper
realloc
_pclose
getenv
isalpha
sprintf
memmove
strrchr
isdigit
_dclass
_stat32
fputs
strcspn
islower
toupper
tolower
_putenv
setlocale
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
_exit
_cexit
_configthreadlocale

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f656d5cbd44281fadbfa31e996a31ad

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

zlib1

libintl-8

libpq

ws2_32

kernel32

advapi32

msvcr120

Sections

.text Size: 94KB - Virtual size: 94KB

.rdata Size: 33KB - Virtual size: 32KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 24KB - Virtual size: 23KB

.text
Size: 94KB - Virtual size: 94KB

.rdata
Size: 33KB - Virtual size: 32KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 24KB - Virtual size: 23KB