D:\pginstaller.auto\postgres.windows\Release\pg_ctl\pg_ctl.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2b6fd8d98eaa8d274b6b3e0c29d5e810N.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
2b6fd8d98eaa8d274b6b3e0c29d5e810N.exe
Resource
win10v2004-20240802-en
General
-
Target
2b6fd8d98eaa8d274b6b3e0c29d5e810N.exe
-
Size
646KB
-
MD5
2b6fd8d98eaa8d274b6b3e0c29d5e810
-
SHA1
a3510ebbbac70a6a852824a20d7993702f71e740
-
SHA256
d519380a1481140ed637381ee8ddbac87f7d44e8fdbd5e0c9c4d693302234651
-
SHA512
9ea442782e1ea92f695b0427cf2708f86fd3efb96c8473626a6cdd659c152bfeb2412b24a748624acb298427e5a77608a8d29b799fc127bbf54ce2d65f08f878
-
SSDEEP
12288:p9CISL6Jc8Tp/SInr8vv2BDeT+bVYHTb3FRk/rMNxaXqqlPbJKTGv5DYFXOBnXRr:XCISL6Jc81/i328ab4F+rM/aXq6bJfB9
Malware Config
Signatures
-
Unsigned PE (1 IoC)
The sandbox checked the file for an Authenticode signature and found none.
resource 2b6fd8d98eaa8d274b6b3e0c29d5e810N.exe
Files
-
2b6fd8d98eaa8d274b6b3e0c29d5e810N.exe.exe windows:5 windows x86 arch:x86
7b239e7828d43a64a01a182da7652361
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
libintl-8
libintl_textdomain
libintl_gettext
libintl_bindtextdomain
libpq
ord158
ord91
ord77
kernel32
CreatePipe
GetCurrentDirectoryA
GetModuleHandleA
SetEnvironmentVariableA
SleepEx
OpenProcess
TerminateProcess
CallNamedPipeA
DeviceIoControl
DuplicateHandle
CreateDirectoryA
RemoveDirectoryA
CreateFileA
GetFileAttributesA
GetFileAttributesExA
MoveFileExA
MultiByteToWideChar
WideCharToMultiByte
ReadFile
LocalFree
LocalAlloc
VerifyVersionInfoW
CreateProcessA
LoadLibraryA
CreateEventA
CloseHandle
WaitForMultipleObjects
WaitForSingleObject
SetEvent
ResumeThread
GetLastError
GetCurrentProcess
GetProcAddress
FreeLibrary
VerSetConditionMask
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
FormatMessageA
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
advapi32
GetAce
AddAce
GetAclInformation
InitializeAcl
GetLengthSid
SetTokenInformation
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerA
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
CloseServiceHandle
CreateProcessAsUserA
FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken
ReportEventA
RegisterEventSourceA
AddAccessAllowedAceEx
msvcr120
fputs
fscanf
fclose
_pclose
puts
setvbuf
_errno
_unlink
atoi
atol
getenv
free
malloc
strchr
strcspn
strerror
strstr
_fstat32
_time32
memcpy
memset
fputc
strncpy
isalpha
realloc
_putenv
abort
strncmp
isupper
islower
toupper
tolower
fwrite
sprintf
memmove
fopen
isdigit
_dclass
_stat32
_popen
system
setlocale
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
__initenv
_fmode
_commode
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
?terminate@@YAXXZ
__crtSetUnhandledExceptionFilter
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
_invoke_watson
_controlfp_s
_except_handler4_common
_strdup
_umask
__iob_func
fgets
fflush
strrchr
feof
_getcwd
ftell
exit
_getpid
_close
_open
_read
Sections
.text Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 592KB - Virtual size: 596KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE