31fb7a0935140ce8ccf34b7a5fb61070N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

31fb7a0935140ce8ccf34b7a5fb61070N.exe
Size

234KB
MD5

31fb7a0935140ce8ccf34b7a5fb61070
SHA1

efeca96285e30e4961f9cf63b882aaf076805a2e
SHA256

691e8caf454b8fda9a664df6f8bb0f4c910089b7fb3e20f6a6017395f142b75c
SHA512

e41c1b9992a03d23cfa8e768a94254f215255b3d7050aedb6f1532eabfebbe9361266dac620431606a2b541eb16cb69e3ae0abc6190fa3e8279ed42db3b5e813
SSDEEP

6144:IbLfvGqmc8VFTmMv8+OYLUVuo7iRf/KZa2/I0KGZ:O+quDuBYLfnKZa2QW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
31fb7a0935140ce8ccf34b7a5fb61070N.exe

Files

31fb7a0935140ce8ccf34b7a5fb61070N.exe
.exe windows:6 windows x64 arch:x64

8d284e9317f304160d3ce93506205419

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\jenkins\workspace\postgresql-windows-x64-build\postgresql-16.2\Release\pg_restore\pg_restore.pdb

Imports

zlib

deflateEnd
gzopen
inflateInit_
deflateInit_
gzerror
gzclose
gzeof
gzgetc
gzgets
gzwrite
gzread
gzdopen
inflateEnd
inflate
deflate

libpq

ord45
ord156
ord77
ord76
ord70
ord90
ord91
ord75
ord130
ord185
ord64
ord126
ord72
ord104
ord103
ord24
ord20
ord138
ord140
ord113
ord97
ord96
ord14
ord9
ord4
ord68
ord67
ord69
ord123
ord56
ord54
ord53
ord15
ord7
ord48
ord33
ord21
ord122
ord121
ord120
ord34

ws2_32

WSAGetLastError
WSAStartup
socket
send
select
recv
listen
getsockname
connect
closesocket
bind
accept
__WSAFDIsSet

kernel32

GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
WriteFile
SleepEx
GetFileType
GetProcAddress
GetModuleHandleExA
FreeLibrary
SetEnvironmentVariableA
WideCharToMultiByte
MultiByteToWideChar
MoveFileExA
DeviceIoControl
RemoveDirectoryA
CreateDirectoryA
GetCurrentProcessId
GetFileAttributesA
FindNextFileA
FindFirstFileA
FindClose
CreateFileA
GetFileInformationByHandle
FormatMessageA
LoadLibraryExA
LocalFree
LocalAlloc
GetLastError
SetConsoleMode
GetConsoleMode
GetStdHandle
SetConsoleCtrlHandler
TlsSetValue
TlsGetValue
TlsAlloc
TerminateThread
GetCurrentThreadId
WaitForMultipleObjects
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CloseHandle
GetSystemTimeAsFileTime
GetModuleHandleW
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetShortPathNameA

advapi32

GetAclInformation
SetTokenInformation
InitializeAcl
GetTokenInformation
GetLengthSid
AddAce
AddAccessAllowedAceEx
GetAce

vcruntime140

__C_specific_handler
strrchr
memset
memcpy
memcmp
strchr
memmove
strstr
__std_type_info_destroy_list
__intrinsic_setjmp

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
realloc
free

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_c_exit
_cexit
exit
__p___argv
__p___argc
_exit
abort
_seh_filter_dll
_initterm
_initialize_onexit_table
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_endthreadex
_set_app_type
_seh_filter_exe
system
_beginthreadex
perror
_register_onexit_function
_errno
_crt_at_quick_exit
_execute_onexit_table
strerror
_crt_atexit
terminate
_initterm_e
_wassert

api-ms-win-crt-stdio-l1-1-0

_open_osfhandle
_dup
_fseeki64
_ftelli64
_close
__stdio_common_vsprintf
_pclose
_get_osfhandle
_popen
fputs
_fileno
_commit
fclose
feof
setvbuf
fgetc
_isatty
puts
fgets
_set_fmode
fread
_tempnam
getc
fputc
fwrite
_setmode
_getcwd
__p__commode
_write
ferror
__stdio_common_vsscanf
fflush
__acrt_iob_func

api-ms-win-crt-string-l1-1-0

isalpha
tolower
toupper
islower
strtok
strnlen
_strdup
isupper
strspn
strncmp
strcmp
isalnum
isspace
strcspn

api-ms-win-crt-convert-l1-1-0

strtoul
atoi
strtol

api-ms-win-crt-time-l1-1-0

_localtime64
strftime
_mktime64
_time64

api-ms-win-crt-environment-l1-1-0

getenv
_putenv

api-ms-win-crt-filesystem-l1-1-0

_access
_fullpath
_umask
_mkdir
_unlink
_rmdir

api-ms-win-crt-math-l1-1-0

_fdopen
_dclass
__setusermatherr

api-ms-win-crt-locale-l1-1-0

setlocale
_configthreadlocale

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d284e9317f304160d3ce93506205419

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

zlib

libpq

ws2_32

kernel32

advapi32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 129KB - Virtual size: 129KB

.rdata Size: 70KB - Virtual size: 69KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 8KB - Virtual size: 7KB

.rsrc Size: 24KB - Virtual size: 23KB

.reloc Size: 1024B - Virtual size: 572B

.text
Size: 129KB - Virtual size: 129KB

.rdata
Size: 70KB - Virtual size: 69KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 24KB - Virtual size: 23KB

.reloc
Size: 1024B - Virtual size: 572B