pgbench[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

pgbench.exe
Size

138KB
MD5

9a8b6f2828237795ee316284cb71281e
SHA1

dd8e66b8c132f5fe326e9a2b9a958b100e4dadf0
SHA256

1fb6961c7905f8c41932e889e81dbc3ead9495656981bf9a384f5d97d59c43b7
SHA512

4d147ec49adc8dbcfac2550b96a357f27ae6625590f7b88b532f6b0b3c1b9b0a2799aee0e4454d10e474b4c93c1490271f439f3af2f3d843b0787ce109f58d8a
SSDEEP

3072:A1VpAD0GtVuOeqak7l+p1nPkl6JJjwTO5oZ:A1lGaFq6JJkiGZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
pgbench.exe

Files

pgbench.exe
.exe windows:5 windows x86 arch:x86

85310a0283298a09c446e669b70d8058

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\pginstaller.auto\postgres.windows\Release\pgbench\pgbench.pdb

Imports

libintl-8

libintl_gettext

libpq

ord31
ord33
ord106
ord45
ord48
ord95
ord155
ord69
ord67
ord75
ord68
ord74
ord64
ord139
ord156
ord28
ord26
ord25
ord24
ord111
ord102
ord23
ord118
ord21
ord140
ord16
ord15
ord14
ord7
ord70
ord4

ws2_32

select
__WSAFDIsSet

kernel32

GetCurrentThreadId
EncodePointer
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentProcessId
SetConsoleMode
GetConsoleMode
GetStdHandle
GetShortPathNameA
QueryPerformanceFrequency
QueryPerformanceCounter
CreateTimerQueueTimer
CreateTimerQueue
CloseHandle
WaitForSingleObject
GetLastError
GetSystemTimeAsFileTime
DecodePointer

msvcr120

ferror
fread
getc
_errno
exit
atof
free
malloc
realloc
memcpy
memset
fclose
fflush
fgets
fopen
fputc
_pclose
clearerr
setvbuf
sscanf
_getcwd
bsearch
getenv
strtol
memmove
strchr
__iob_func
strncmp
strncpy
strrchr
isdigit
isspace
isalnum
_beginthreadex
_libm_sse2_exp_precise
_libm_sse2_log_precise
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
ceil
strstr
isupper
islower
toupper
tolower
fwrite
sprintf
_dclass
abort
isalpha
fputs
_popen
system
ldexp
strcspn
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_except1
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
__initenv
_fmode
_commode
?terminate@@YAXXZ
__crtSetUnhandledExceptionFilter
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
_invoke_watson
_controlfp_s
_except_handler4_common
_getpid
strerror
_strdup
puts
atoi

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

85310a0283298a09c446e669b70d8058

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libintl-8

libpq

ws2_32

kernel32

msvcr120

Sections

.text Size: 68KB - Virtual size: 67KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 27KB - Virtual size: 42KB

.rsrc Size: 24KB - Virtual size: 23KB

.text
Size: 68KB - Virtual size: 67KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 27KB - Virtual size: 42KB

.rsrc
Size: 24KB - Virtual size: 23KB