13d494b8c130e6417809a215222201a20266289f85e819063f29dd65e21f0d55

Sharing

Copy URL Twitter E-mail

General

Target

13d494b8c130e6417809a215222201a20266289f85e819063f29dd65e21f0d55
Size

146KB
MD5

469b364fe80a5ae096d35a906d98dbc9
SHA1

0912cb5f123bbb995e3737019b0879e68fe40a2b
SHA256

13d494b8c130e6417809a215222201a20266289f85e819063f29dd65e21f0d55
SHA512

cc11cc033467a92de5031ebc9ed7867e185cd4062f54b81f0d3ca02d277ebd242a3e0f895cc22a27a3ba7df3df1679064ab09ea6d76d500c853646d5d775ceda
SSDEEP

3072:9MKvUgLX1JyJKRV43yTO5oZrjcPgf+cSfNqH+TLr8Jtc8/dw:HLlJyJKRV43yiGZrj9SN++TLr8rcew

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
13d494b8c130e6417809a215222201a20266289f85e819063f29dd65e21f0d55

Files

13d494b8c130e6417809a215222201a20266289f85e819063f29dd65e21f0d55
.exe windows:5 windows x86 arch:x86

6aeeb242476e7faf32ff80e7d7837a3e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\pginstaller.auto-repo\postgres.windows\Release\pg_ctl\pg_ctl.pdb

Imports

libintl

libintl_textdomain
libintl_gettext
libintl_bindtextdomain

libpq

ord158

kernel32

SleepEx
MoveFileExA
RemoveDirectoryA
FormatMessageA
DeviceIoControl
MultiByteToWideChar
CreateFileA
CreateDirectoryA
GetCurrentDirectoryA
GetFileAttributesA
GetFileAttributesExA
CallNamedPipeA
SetEnvironmentVariableA
GetModuleHandleA
FindNextFileA
FindFirstFileA
FindClose
LocalAlloc
LocalFree
CreatePipe
DuplicateHandle
ReadFile
CreateEventA
WaitForMultipleObjects
WaitForSingleObject
LoadLibraryA
GetProcAddress
FreeLibrary
CreateProcessA
GetCurrentProcess
CloseHandle
GetVersionExA
ResumeThread
SetEvent
GetLastError
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
WideCharToMultiByte
GetSystemTimeAsFileTime
DecodePointer
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
EncodePointer
HeapSetInformation
InterlockedCompareExchange
Sleep
GetCurrentProcessId
InterlockedExchange

advapi32

GetLengthSid
InitializeAcl
GetAce
AddAce
AddAccessAllowedAceEx
SetTokenInformation
GetTokenInformation
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
OpenProcessToken
AllocateAndInitializeSid
FreeSid
CreateProcessAsUserA
SetServiceStatus
DeleteService
OpenSCManagerA
CreateServiceA
OpenServiceA
CloseServiceHandle
RegisterEventSourceA
ReportEventA
GetAclInformation

msvcr100

memcpy
strstr
_rmdir
system
memset
strchr
_pclose
fgets
_popen
atoi
atol
getenv
puts
setvbuf
fwrite
memmove
sprintf
fputc
perror
strncpy
isalpha
_stat32
realloc
strncmp
tolower
isupper
toupper
islower
abort
_putenv
setlocale
_amsg_exit
free
_cexit
_exit
_XcptFilter
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_invoke_watson
_controlfp_s
_umask
_getpid
_errno
fscanf
fclose
fputs
fflush
malloc
exit
__iob_func
_time32
_fstat32
__getmainargs
fopen
_unlink
strerror
strcspn
_isatty
_fileno
_strdup
_read
_close
_open

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6aeeb242476e7faf32ff80e7d7837a3e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libintl

libpq

kernel32

advapi32

msvcr100

Sections

.text Size: 35KB - Virtual size: 34KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 7KB

.rsrc Size: 24KB - Virtual size: 23KB

.reloc Size: 72KB - Virtual size: 72KB

.text
Size: 35KB - Virtual size: 34KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 7KB

.rsrc
Size: 24KB - Virtual size: 23KB

.reloc
Size: 72KB - Virtual size: 72KB