pg_dump[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

pg_dump.exe
Size

347KB
MD5

5e04c268aa71dbc24d2b78f41003e3fb
SHA1

f591794f9d2a4341279293a4adc566ebd3087fb2
SHA256

4f627d15b24c44072728ed0df0a9057359ecb9764cfbcfbeb80e10ba1799083c
SHA512

eee2ae02cbc8182d8820a8804c7dcce363db085b37fc04ffb6b7c5bfda84a2ec17746d952455566348d9dd0dce7a258fca852471760f04abef1f4e4a74b11bbc
SSDEEP

6144:T+v+lZG6mYZrcYEApusgRF1rOM4xZgDaA1F42NBeoA6AQ50ILN/NGhc5M5YHE4Eb:T+v+lcKZcYEApu7TrOM4xZgBMkb6JtZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
pg_dump.exe

Files

pg_dump.exe
.exe windows:5 windows x86 arch:x86

3dcf690adbbb36b8ff798f13b0e01eb1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\pginstaller.auto\postgres.windows\Release\pg_dump\pg_dump.pdb

Imports

zlib1

gzdopen
gzopen
inflateInit_
deflateInit_
gzclose
gzeof
gzgetc
gzgets
gzwrite
gzread
inflateEnd
inflate
deflateEnd
deflate

libintl-8

libintl_textdomain
libintl_bindtextdomain
libintl_ngettext
libintl_gettext

libpq

ord72
ord85
ord105
ord35
ord37
ord38
ord39
ord46
ord47
ord95
ord94
ord55
ord74
ord104
ord64
ord130
ord34
ord45
ord77
ord76
ord70
ord90
ord91
ord75
ord68
ord120
ord121
ord122
ord21
ord33
ord48
ord7
ord8
ord103
ord24
ord20
ord138
ord140
ord97
ord96
ord14
ord9
ord4
ord156
ord67
ord69
ord92
ord115
ord123
ord56
ord54
ord53
ord15
ord113
ord11
ord10
ord126

ws2_32

WSAGetLastError
WSACleanup
WSAStartup
socket
send
select
recv
listen
htons
htonl
getsockname
connect
closesocket
bind
accept
__WSAFDIsSet

kernel32

SleepEx
DecodePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
EncodePointer
IsProcessorFeaturePresent
IsDebuggerPresent
SetEnvironmentVariableA
GetModuleHandleA
GetProcAddress
GetShortPathNameA
FindNextFileA
FindFirstFileA
FindClose
SetConsoleMode
GetConsoleMode
WideCharToMultiByte
MultiByteToWideChar
MoveFileExA
GetFileAttributesExA
GetFileAttributesA
CreateFileA
RemoveDirectoryA
CreateDirectoryA
FormatMessageA
DeviceIoControl
GetCurrentDirectoryA
CreateProcessA
CreatePipe
DuplicateHandle
ReadFile
WaitForSingleObject
GetLastError
GetCurrentProcess
LocalFree
LocalAlloc
SetConsoleCtrlHandler
TlsSetValue
TlsGetValue
TlsAlloc
CloseHandle
WaitForMultipleObjects
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
TerminateThread
GetCurrentThreadId
GetStdHandle

advapi32

AddAccessAllowedAceEx
GetAce
AddAce
GetAclInformation
InitializeAcl
GetLengthSid
SetTokenInformation
GetTokenInformation

msvcr120

_initterm_e
_initterm
__initenv
_fmode
_commode
?terminate@@YAXXZ
_getcwd
__crtSetUnhandledExceptionFilter
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
_invoke_watson
_controlfp_s
_except_handler4_common
_strdup
_fileno
_write
_fdopen
_dup
_setmode
_mkdir
_open
_umask
_unlink
__setusermatherr
strtoul
free
isdigit
memset
fclose
feof
fgetc
fgets
fopen
fread
fwrite
_errno
strerror
abort
strchr
strncmp
__iob_func
fflush
sscanf
_beginthreadex
_endthreadex
ferror
_fseeki64
_ftelli64
strtol
strspn
strstr
_localtime32
strftime
_time32
_mktime32
memcpy
fputc
getc
strncpy
_tempnam
atoi
exit
puts
malloc
isupper
realloc
_pclose
getenv
isalpha
sprintf
memmove
strrchr
_dclass
_stat32
fputs
islower
toupper
tolower
strcspn
_putenv
setlocale
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
_exit
_cexit
_configthreadlocale

Sections

.text
Size: 193KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3dcf690adbbb36b8ff798f13b0e01eb1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

zlib1

libintl-8

libpq

ws2_32

kernel32

advapi32

msvcr120

Sections

.text Size: 193KB - Virtual size: 192KB

.rdata Size: 127KB - Virtual size: 127KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 24KB - Virtual size: 23KB

.text
Size: 193KB - Virtual size: 192KB

.rdata
Size: 127KB - Virtual size: 127KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 24KB - Virtual size: 23KB