D:\pginstaller.auto\postgres.windows\Release\pg_upgrade\pg_upgrade.pdb
Static task: static1
Behavioral task: behavioral1 (Sample: pg_upgrade.exe, Resource: win7-20240508-en)
Behavioral task: behavioral2 (Sample: pg_upgrade.exe, Resource: win10v2004-20240508-en)
General
Target: pg_upgrade.exe
Size: 129KB
MD5: 224886b1c0c8ab83c5d95dddfa8ebab4
SHA1: fdd50d32225805a38d12b63eb0dfe44286c0ce5d
SHA256: f2e6ab4ba1b4df5017ab787060fa09894b09cb50e1d83a34361acf1cefb1bf00
SHA512: f8d5b9b86592aeb9f5000ee28028a57106118327073de94f39c0b5cb6f05781d94b50552341110c3050b8cc226e0c3805d8c95b7a206be5a4859dbd482963560
SSDEEP: 3072:Ew10cKJ6BxkGofBy27Cq0KtveiW6JtQO5oZ:/10cKeSGwU27V0KwD6JtzGZ
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature. Resource: pg_upgrade.exe
Files
pg_upgrade.exe.exe windows:5 windows x86 arch:x86
75570649da253c8e37dd2ccf1ac5ec53
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
libintl-8
libintl_textdomain
libintl_gettext
libintl_bindtextdomain
libpq
ord130
ord76
ord64
ord72
ord113
ord70
ord77
ord14
ord78
ord3
ord1
ord126
ord33
ord21
ord15
ord91
ord68
ord75
ord67
ord69
ord92
ord34
ord48
ord38
ord45
ord4
kernel32
IsProcessorFeaturePresent
EncodePointer
DecodePointer
IsDebuggerPresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentProcessId
FindNextFileA
FindFirstFileA
FindClose
GetModuleHandleA
SleepEx
WideCharToMultiByte
MultiByteToWideChar
GetCurrentThreadId
GetLastError
CopyFileA
CreateHardLinkA
GetExitCodeThread
WaitForMultipleObjects
CloseHandle
SetEnvironmentVariableA
LocalAlloc
LocalFree
GetCurrentProcess
WaitForSingleObject
ReadFile
DuplicateHandle
CreatePipe
CreateProcessA
GetCurrentDirectoryA
FreeLibrary
GetProcAddress
GetExitCodeProcess
ResumeThread
LoadLibraryA
GetCommandLineA
GetShortPathNameA
DeviceIoControl
FormatMessageA
CreateDirectoryA
RemoveDirectoryA
CreateFileA
GetFileAttributesA
GetFileAttributesExA
MoveFileExA
advapi32
FreeSid
SetTokenInformation
GetLengthSid
InitializeAcl
GetAclInformation
AddAce
GetAce
GetUserNameA
CreateProcessAsUserA
GetTokenInformation
AllocateAndInitializeSid
OpenProcessToken
AddAccessAllowedAceEx
msvcr120
exit
strtoul
_unlink
strerror
strrchr
__iob_func
fflush
getenv
strpbrk
strspn
strstr
fopen
_fstat32
atoi
puts
free
_ctime32
_time32
_beginthreadex
fscanf
fputs
malloc
isupper
realloc
memset
_errno
strncpy
isalpha
abort
strncmp
islower
toupper
tolower
fwrite
sprintf
memmove
isdigit
_dclass
setlocale
memcpy
_stat32
_popen
system
strcspn
_putenv
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
__initenv
_fmode
_commode
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_except_handler4_common
?terminate@@YAXXZ
__crtSetUnhandledExceptionFilter
_invoke_watson
_controlfp_s
_strdup
_isatty
sscanf
_pclose
fclose
fputc
_rmdir
fgets
strchr
_umask
_close
_open
_read
_write
_getcwd
_fileno
Sections
.text Size: 65KB - Virtual size: 64KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ