dc213b46a8d365ba47274411297fbcf983e8fe0b599247db8460e95d10285df2

Sharing

Copy URL

Twitter E-mail

General

Target

dc213b46a8d365ba47274411297fbcf983e8fe0b599247db8460e95d10285df2
Size

190KB
MD5

be6c1d2f865a665816988d0a9760779f
SHA1

9fc73b004b23b1fdb985fd97115f3f8e3c93987c
SHA256

dc213b46a8d365ba47274411297fbcf983e8fe0b599247db8460e95d10285df2
SHA512

eca490a5fd410c195f442a9c6c6c1812d275b2c12fd68c0bdf3ea7232eededb770048b539151fc77e311c6ac9ec1cdd069554c7470f6f5ff1911759f1590783f
SSDEEP

3072:rHYpw3iQow4Lskkarttk0p0hrvoezFnk11JMUEnKx94Z00zHOzkfmyeQKZ7ZXqCi:0pw3xow4LskkarttkIQbzm11kKxh0zHv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dc213b46a8d365ba47274411297fbcf983e8fe0b599247db8460e95d10285df2

Files

dc213b46a8d365ba47274411297fbcf983e8fe0b599247db8460e95d10285df2
.exe windows:6 windows x64 arch:x64

0e020021377fd7aeb0b6878f4a2e5fb8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

B:\3p\derived\win64\PostgreSQL\Release\initdb\initdb.pdb

Imports

libpq

ord130
ord70
ord67
ord69
ord185
ord68
ord126
ord72
ord113
ord75
ord91
ord76
ord64
ord77

ws2_32

WSAStartup
gethostbyname
WSAGetLastError

kernel32

GetModuleHandleW
GetCurrentDirectoryA
GetLastError
LocalAlloc
LocalFree
GetStdHandle
GetConsoleMode
SetConsoleMode
GetCommandLineA
CloseHandle
WaitForSingleObject
GetCurrentProcess
GetExitCodeProcess
ResumeThread
FreeLibrary
GetCurrentProcessId
LoadLibraryA
CreateFileA
CreateDirectoryA
GetFileAttributesA
RemoveDirectoryA
DeviceIoControl
FormatMessageA
MoveFileExA
MultiByteToWideChar
WideCharToMultiByte
GetFileInformationByHandle
SetEnvironmentVariableA
GetModuleHandleExA
GetShortPathNameA
LoadLibraryExA
GetLocaleInfoEx
FindClose
FindFirstFileA
FindNextFileA
SleepEx
GetFileType
GetCurrentThreadId
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
GetProcAddress
InitializeSListHead
RtlCaptureContext

advapi32

SetTokenInformation
GetTokenInformation
GetLengthSid
GetAclInformation
GetAce
AddAce
AddAccessAllowedAceEx
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
GetUserNameA
FreeSid
AllocateAndInitializeSid
CreateProcessAsUserA
RegCloseKey
OpenProcessToken
InitializeAcl

vcruntime140

__current_exception
__std_type_info_destroy_list
__intrinsic_setjmp
__C_specific_handler
strrchr
memmove
memset
strchr
strstr
memcpy
__current_exception_context

api-ms-win-crt-environment-l1-1-0

getenv
_putenv

api-ms-win-crt-time-l1-1-0

_localtime64
strftime
_time64

api-ms-win-crt-stdio-l1-1-0

fclose
ferror
fflush
fputs
_set_fmode
puts
_popen
setvbuf
feof
fgets
_setmode
__p__commode
_open_osfhandle
_close
__stdio_common_vsprintf
fwrite
_read
fputc
_pclose
_isatty
__acrt_iob_func
_getcwd
_fileno
_commit
_get_osfhandle

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
free
realloc

api-ms-win-crt-runtime-l1-1-0

terminate
_wassert
perror
exit
abort
_errno
_register_thread_local_exe_atexit_callback
_c_exit
strerror
__p___argv
system
signal
__p___argc
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
_seh_filter_exe
_seh_filter_dll

api-ms-win-crt-convert-l1-1-0

strtol
atoi

api-ms-win-crt-string-l1-1-0

strtok
strcmp
strspn
strnlen
_strdup
isalnum
islower
toupper
isupper
tolower
isalpha
strcspn
isdigit
isxdigit
isspace
strncmp

api-ms-win-crt-math-l1-1-0

_dclass
_fdopen
__setusermatherr

api-ms-win-crt-locale-l1-1-0

setlocale
_configthreadlocale

api-ms-win-crt-filesystem-l1-1-0

_unlink
_rmdir
_umask
_mkdir
_chmod

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e020021377fd7aeb0b6878f4a2e5fb8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libpq

ws2_32

kernel32

advapi32

vcruntime140

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

Sections

.text Size: 89KB - Virtual size: 89KB

.rdata Size: 69KB - Virtual size: 69KB

.data Size: 1KB - Virtual size: 30KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 24KB - Virtual size: 23KB

.text
Size: 89KB - Virtual size: 89KB

.rdata
Size: 69KB - Virtual size: 69KB

.data
Size: 1KB - Virtual size: 30KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 24KB - Virtual size: 23KB