libpq[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

libpq.dll
Size

186KB
MD5

ab3a6f83712e17d0901abde13b004062
SHA1

1c4bd0be0fbd7465bdb0918c1a311386d0d7854a
SHA256

0b0dbe2f87a96a30701e94ce8f00fb4491e059a38544b8d44e352aef8c0d1c23
SHA512

84feea8a538f84e4091041993fe8d267f55fa09e3a9c471a6e23e8af1180a7276ff3bf81e3c5b208722713ca19c41dd6f0b38cbf6a08f5256c4d3454a5a20a71
SSDEEP

3072:g0SbzmdxueCXMqZ2GmaQNU/+AEqchKN72fKEeuNYY4y0+bH3Pna5Of:g0gzdelFnK+PjhKN729PGYj0qXPl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
libpq.dll

Files

libpq.dll
.dll windows:6 windows x64 arch:x64

ef3d08536feaebfbb447aab0fb6dca1d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\git\winlibs\postgresql\src\interfaces\libpq\Release\libpq.pdb

Imports

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
strstr
strrchr
memmove
memchr
memset
memcpy
strchr

api-ms-win-crt-stdio-l1-1-0

_fileno
_isatty
__acrt_iob_func
__stdio_common_vsscanf
_open
fflush
fwrite
fputc
fputs
fopen
fgets
_pclose
putc
_close
_read
_write
feof
ferror
__stdio_common_vsprintf
fclose
_popen

api-ms-win-crt-heap-l1-1-0

realloc
calloc
free
malloc

api-ms-win-crt-runtime-l1-1-0

signal
terminate
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_errno
_initterm_e
_register_onexit_function
_initialize_onexit_table
system
_initterm
abort
_initialize_narrow_environment
_configure_narrow_argv
_cexit
_seh_filter_dll
strerror

api-ms-win-crt-convert-l1-1-0

strtoul
strtol
atoi

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-string-l1-1-0

toupper
tolower
isupper
isxdigit
strncpy
isalnum
isdigit
islower
strspn
strncat
strncmp
isalpha
isspace
_strdup

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-math-l1-1-0

_dclass

api-ms-win-crt-filesystem-l1-1-0

_unlink
_stat64i32

api-ms-win-crt-locale-l1-1-0

setlocale

kernel32

CreateDirectoryA
CreateFileA
GetFileAttributesA
GetFileAttributesExA
RemoveDirectoryA
CloseHandle
DeviceIoControl
FormatMessageA
MoveFileExA
MultiByteToWideChar
WideCharToMultiByte
GetLocaleInfoEx
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
LocalFree
GetSystemTimeAsFileTime
GetCurrentThreadId
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
FreeLibrary
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepEx
LoadLibraryExA
LoadLibraryA
GetProcAddress
GetLastError

advapi32

GetUserNameA

shell32

SHGetFolderPathA

ws2_32

WSAIoctl
WSAGetLastError
WSASetLastError
closesocket
connect
getsockname
getsockopt
htonl
recv
send
ioctlsocket
ntohl
gethostbyname
WSASocketA
setsockopt
socket
WSAStartup
select
ntohs
WSACleanup
htons

secur32

FreeCredentialsHandle
DeleteSecurityContext
AcquireCredentialsHandleA
InitializeSecurityContextA
FreeContextBuffer

libssl-1_1-x64

SSL_get_peer_certificate
OPENSSL_init_ssl
SSL_get_current_compression
SSL_set_ex_data
SSL_CTX_load_verify_locations
SSL_shutdown
TLS_method
SSL_get_version
SSL_get_error
SSL_CTX_ctrl
SSL_write
SSL_connect
SSL_free
SSL_new
SSL_check_private_key
SSL_read
SSL_CTX_use_certificate_chain_file
SSL_use_PrivateKey_file
SSL_use_PrivateKey
SSL_set_verify
SSL_set_bio
SSL_pending
SSL_CIPHER_get_name
SSL_CIPHER_get_bits
SSL_get_current_cipher
SSL_CTX_get_cert_store
SSL_CTX_free
SSL_CTX_new
SSL_set_options
SSL_CTX_set_options

libcrypto-1_1-x64

ENGINE_load_private_key
ENGINE_finish
ENGINE_init
ENGINE_free
ENGINE_by_id
OPENSSL_config
ERR_reason_error_string
ERR_clear_error
ERR_get_error
ERR_put_error
X509_get_ext_d2i
X509_NAME_ENTRY_get_data
X509_NAME_get_entry
X509_NAME_get_index_by_NID
X509_get_subject_name
X509_free
X509_STORE_load_locations
X509_STORE_set_flags
ASN1_STRING_data
BIO_meth_get_puts
ASN1_STRING_length
BIO_meth_set_callback_ctrl
BIO_meth_get_callback_ctrl
BIO_meth_set_destroy
BIO_meth_get_destroy
BIO_meth_set_create
BIO_meth_get_create
BIO_meth_set_ctrl
BIO_meth_get_ctrl
BIO_meth_set_gets
BIO_meth_get_gets
OPENSSL_sk_num
OPENSSL_sk_value
OPENSSL_sk_free
BIO_get_new_index
BIO_set_flags
BIO_clear_flags
BIO_new
BIO_set_data
BIO_get_data
BIO_int_ctrl
BIO_s_socket
BIO_meth_new
BIO_meth_free
BIO_meth_set_write
BIO_meth_set_read
BIO_meth_set_puts

Exports

Exports

PQbackendPID
PQbinaryTuples
PQcancel
PQclear
PQclientEncoding
PQcmdStatus
PQcmdTuples
PQconndefaults
PQconnectPoll
PQconnectStart
PQconnectStartParams
PQconnectdb
PQconnectdbParams
PQconnectionNeedsPassword
PQconnectionUsedPassword
PQconninfo
PQconninfoFree
PQconninfoParse
PQconsumeInput
PQcopyResult
PQdb
PQdescribePortal
PQdescribePrepared
PQdisplayTuples
PQdsplen
PQencryptPassword
PQendcopy
PQenv2encoding
PQerrorMessage
PQescapeBytea
PQescapeByteaConn
PQescapeIdentifier
PQescapeLiteral
PQescapeString
PQescapeStringConn
PQexec
PQexecParams
PQexecPrepared
PQfformat
PQfinish
PQfireResultCreateEvents
PQflush
PQfmod
PQfn
PQfname
PQfnumber
PQfreeCancel
PQfreeNotify
PQfreemem
PQfsize
PQftable
PQftablecol
PQftype
PQgetCancel
PQgetCopyData
PQgetResult
PQgetisnull
PQgetlength
PQgetline
PQgetlineAsync
PQgetssl
PQgetvalue
PQhost
PQinitOpenSSL
PQinitSSL
PQinstanceData
PQisBusy
PQisnonblocking
PQisthreadsafe
PQlibVersion
PQmakeEmptyPGresult
PQmblen
PQnfields
PQnotifies
PQnparams
PQntuples
PQoidStatus
PQoidValue
PQoptions
PQparameterStatus
PQparamtype
PQpass
PQping
PQpingParams
PQport
PQprepare
PQprint
PQprintTuples
PQprotocolVersion
PQputCopyData
PQputCopyEnd
PQputline
PQputnbytes
PQregisterEventProc
PQregisterThreadLock
PQrequestCancel
PQresStatus
PQreset
PQresetPoll
PQresetStart
PQresultAlloc
PQresultErrorField
PQresultErrorMessage
PQresultInstanceData
PQresultSetInstanceData
PQresultStatus
PQresultVerboseErrorMessage
PQsendDescribePortal
PQsendDescribePrepared
PQsendPrepare
PQsendQuery
PQsendQueryParams
PQsendQueryPrepared
PQserverVersion
PQsetClientEncoding
PQsetErrorContextVisibility
PQsetErrorVerbosity
PQsetInstanceData
PQsetNoticeProcessor
PQsetNoticeReceiver
PQsetResultAttrs
PQsetSingleRowMode
PQsetdbLogin
PQsetnonblocking
PQsetvalue
PQsocket
PQsslAttribute
PQsslAttributeNames
PQsslInUse
PQsslStruct
PQstatus
PQtrace
PQtransactionStatus
PQtty
PQunescapeBytea
PQuntrace
PQuser
appendBinaryPQExpBuffer
appendPQExpBuffer
appendPQExpBufferChar
appendPQExpBufferStr
createPQExpBuffer
destroyPQExpBuffer
enlargePQExpBuffer
initPQExpBuffer
lo_close
lo_creat
lo_create
lo_export
lo_import
lo_import_with_oid
lo_lseek
lo_lseek64
lo_open
lo_read
lo_tell
lo_tell64
lo_truncate
lo_truncate64
lo_unlink
lo_write
pg_char_to_encoding
pg_encoding_to_char
pg_utf_mblen
pg_valid_server_encoding
pg_valid_server_encoding_id
pgresStatus
pqsignal
printfPQExpBuffer
resetPQExpBuffer
termPQExpBuffer

Sections

.text
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef3d08536feaebfbb447aab0fb6dca1d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

kernel32

advapi32

shell32

ws2_32

secur32

libssl-1_1-x64

libcrypto-1_1-x64

Exports

Exports

Sections

.text Size: 118KB - Virtual size: 118KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 23KB - Virtual size: 24KB

.pdata Size: 7KB - Virtual size: 6KB

.rsrc Size: 1024B - Virtual size: 816B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 118KB - Virtual size: 118KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 23KB - Virtual size: 24KB

.pdata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 1024B - Virtual size: 816B

.reloc
Size: 1KB - Virtual size: 1KB