psql[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

psql.exe
Size

369KB
MD5

182ada46a9a6907ed86038163d998bc9
SHA1

c05601686f75a3fd782fc8979a34ae17bbfc5fe6
SHA256

4df02316aca2a35a745ebd9d8459eb21f0acb2447f6d107da1d0c4ecac12abcb
SHA512

ae26bbc95e94fb04a175a7bc34c7c337ad66eaec82c2cd81e31b54899f996910a69f8e32e070a728205e2a699ac15fe676a6c07cf4ce1953e7dee57dd322471d
SSDEEP

6144:cQX3c8x04EGrHOGq+P3kO9zk/Sn8uWnl6ccK+4WbG8146xW+zEzaPQO/LXkOy1+o:cQX3cC04EGrHOGq+P3kezkrnl6ccK+4h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
psql.exe

Files

psql.exe
.exe windows:5 windows x86 arch:x86

c45c98cd099c6ef229feda38f8abfac6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\pginstaller.auto\postgres.windows\Release\psql\psql.pdb

Imports

libintl-8

libintl_textdomain
libintl_ngettext
libintl_gettext
libintl_bindtextdomain

libpq

ord154
ord155
ord64
ord98
ord103
ord104
ord105
ord39
ord126
ord60
ord61
ord62
ord17
ord74
ord73
ord112
ord139
ord130
ord115
ord71
ord42
ord37
ord36
ord35
ord22
ord24
ord96
ord122
ord121
ord120
ord5
ord68
ord75
ord91
ord90
ord70
ord67
ord76
ord69
ord77
ord92
ord128
ord95
ord48
ord45
ord34
ord106
ord171
ord33
ord21
ord20
ord170
ord99
ord169
ord166
ord85
ord72
ord140
ord15
ord113
ord97
ord156
ord14
ord11
ord10
ord9
ord8
ord7
ord4
ord165
ord78
ord47

kernel32

IsDebuggerPresent
IsProcessorFeaturePresent
GetCurrentProcessId
GetCurrentThreadId
DecodePointer
EncodePointer
WideCharToMultiByte
MultiByteToWideChar
MoveFileExA
GetFileAttributesExA
GetFileAttributesA
CreateFileA
RemoveDirectoryA
CreateDirectoryA
FormatMessageA
DeviceIoControl
SetConsoleMode
GetConsoleMode
GetStdHandle
SleepEx
GetShortPathNameA
SetEnvironmentVariableA
GetModuleHandleA
GetProcAddress
GetCurrentDirectoryA
CreateProcessA
CreatePipe
DuplicateHandle
CloseHandle
ReadFile
WaitForSingleObject
GetCurrentProcess
LocalFree
LocalAlloc
GetLastError
SetConsoleCtrlHandler
QueryPerformanceFrequency
QueryPerformanceCounter
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetConsoleCP
GetACP
GetTempPathA
GetSystemTimeAsFileTime

advapi32

GetLengthSid
GetTokenInformation
SetTokenInformation
InitializeAcl
GetAclInformation
AddAce
GetAce
AddAccessAllowedAceEx
GetUserNameA

msvcr120

fgets
fopen
fputc
fputs
fwrite
_pclose
putchar
puts
remove
_errno
exit
fflush
getenv
strtod
strtoul
free
strchr
strerror
strncmp
strspn
isalpha
isdigit
isspace
_localtime32
strftime
_time32
_setjmp3
clearerr
_write
fread
_fstat32
bsearch
strstr
malloc
putc
memmove
strtol
strcspn
memset
feof
getc
realloc
setvbuf
localeconv
_libm_sse2_log10_precise
memcpy
isupper
strncpy
_putenv
abort
islower
toupper
tolower
sprintf
strrchr
_dclass
_stat32
_popen
system
setlocale
_except1
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
__initenv
_fmode
_commode
_except_handler4_common
?terminate@@YAXXZ
__crtSetUnhandledExceptionFilter
_invoke_watson
_controlfp_s
_access
_isatty
ferror
fclose
__iob_func
_unlink
_strdup
_getcwd
atoi
_fdopen
_getpid
_chdir
_open
_fileno

Sections

.text
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c45c98cd099c6ef229feda38f8abfac6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libintl-8

libpq

kernel32

advapi32

msvcr120

Sections

.text Size: 178KB - Virtual size: 177KB

.rdata Size: 137KB - Virtual size: 137KB

.data Size: 29KB - Virtual size: 30KB

.rsrc Size: 24KB - Virtual size: 23KB

.text
Size: 178KB - Virtual size: 177KB

.rdata
Size: 137KB - Virtual size: 137KB

.data
Size: 29KB - Virtual size: 30KB

.rsrc
Size: 24KB - Virtual size: 23KB