pg_standby[.]exe

General

Target

pg_standby.exe
Size

52KB
MD5

97ac4180e9c54687e7c9fa858931c7fa
SHA1

04cf1408aa5a14a3a73852bd48410a2c7927e88b
SHA256

9332069d23a50fa67e4aa8b4a26bb5196dcc7609e8a694ffc6708addee92dbe1
SHA512

b2438158be4e952f99caf2ae2bcc6fc2401ee32e6f06e4d0dfd13abed273583c52f746123979a252fcd871f53f6d84256b5f4278f8b0dbab28dd3b95189fb666
SSDEEP

768:047fqNl8htOX744YftEsN8FT2+/MeqY4C3yrveNBeLuBkK9nKKf9KGyxyw:0SyNizmajRWM/Y4C3weeLuB5oGqZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
pg_standby.exe

Files

pg_standby.exe
.exe windows:5 windows x86 arch:x86

731d70f7070d3d4cf8d890cff596e221

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\pginstaller.auto\postgres.windows\Release\pg_standby\pg_standby.pdb

Imports

kernel32

GetShortPathNameA
SleepEx
LocalFree
GetLastError
DeviceIoControl
CloseHandle
FormatMessageA
CreateDirectoryA
RemoveDirectoryA
CreateFileA
GetFileAttributesA
GetFileAttributesExA
MoveFileExA
MultiByteToWideChar
WideCharToMultiByte
FindClose
FindFirstFileA
FindNextFileA
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
EncodePointer
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer

msvcr120

strncmp
strspn
abort
getenv
free
malloc
strstr
isalpha
fwrite
sprintf
memmove
strrchr
isdigit
_dclass
memset
strchr
_stat32
strerror
system
memcpy
isupper
islower
toupper
tolower
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
__initenv
_fmode
_commode
?terminate@@YAXXZ
__crtSetUnhandledExceptionFilter
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
_invoke_watson
_controlfp_s
_except_handler4_common
_getcwd
_read
atoi
exit
_errno
sscanf
puts
fflush
__iob_func
_popen
_strdup
_chsize
_close
_open
_unlink

libintl-8

libintl_gettext

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

731d70f7070d3d4cf8d890cff596e221

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcr120

libintl-8

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 24KB - Virtual size: 23KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 24KB - Virtual size: 23KB