From: | Manoj Agrawal <manoj(dot)agrawal(at)hotmail(dot)com> |
---|---|
To: | Magnus Hagander <magnus(at)hagander(dot)net> |
Cc: | "security(at)postgresql(dot)org" <security(at)postgresql(dot)org>, "pgsql-bugs(at)lists(dot)postgresql(dot)org" <pgsql-bugs(at)lists(dot)postgresql(dot)org> |
Subject: | Re: PostgreSQL\12\bin\pg_ctl.exe - Trojan detected |
Date: | 2019-12-22 16:03:14 |
Message-ID: | CH2PR02MB611702812211D23E60C809F0E92F0@CH2PR02MB6117.namprd02.prod.outlook.com |
Lists: | pgsql-bugs |
Hi Magnus,
I apologize for troubling you at this time. But your questions are important; I will try to answer them all.
1. URL from where I downloaded the installer
https://www.enterprisedb.com/thank-you-downloading-postgresql?anid=1257093
Image as below:
[image]
I have not taken a checksum of the file.
[image]
2. I did scan the file with the URL you gave below. Attaching the screenshot for your ref.
[image]
Here are some of the details from the details tab. Attaching .pdf also for your reference.
MD5: 457c9ea7f38663bd7f425f4418a6dcba
SHA-1: eb8ffab9532224ee2e722013b08311bc91b009d2
SHA-256: 076a334a624e71744f5659d5d4576ba88cd064c47a486f0316db85dbbe7cd5b2
Vhash: 015056656d15155188z34!z
Authentihash: 39c368326cfb7d605ba7228d6fdbc98ad9f680e8c45fda55ef66e305b38c01b7
Imphash: 76881c88796d93158906531d1f6a2529
SSDEEP: 1536:ixwCY+BeiOs1V8u9TyMYR7PRdUQjqKZZY0Z3n3DJTY3B/eeLuB5oGqZ:ixwCY+siDUQu97PzULKZT3na3nO5oZ
File type: Win32 EXE
Magic: PE32+ executable for MS Windows (console) Mono/.Net assembly
File size: 113.50 KB (116224 bytes)
Sir, please do let me know if there is any more information I can share with you. I will be more than happy to share it with you.
________________________________
Thanks and Regards
Manoj Agrawal
manoj(dot)agrawal(at)hotmail(dot)com
________________________________
From: Magnus Hagander <magnus(at)hagander(dot)net>
Sent: 22 December 2019 09:08 PM
To: Manoj Agrawal <manoj(dot)agrawal(at)hotmail(dot)com>
Cc: security(at)postgresql(dot)org <security(at)postgresql(dot)org>; pgsql-bugs(at)lists(dot)postgresql(dot)org <pgsql-bugs(at)lists(dot)postgresql(dot)org>
Subject: Re: PostgreSQL\12\bin\pg_ctl.exe - Trojan detected
On Sun, Dec 22, 2019 at 4:26 PM Manoj Agrawal <manoj(dot)agrawal(at)hotmail(dot)com> wrote:
> Dear PostgreSQL Team,
> I am a regular ordinary user of your application.
> I apologize for not following your bug and security template. I suppose this will be OK with you.
> Kindly look at this screen from a Windows 10 machine.
> I have downloaded "postgresql-12.1-3-windows-x64.exe" from your website and during installation it is reporting malware in one of your executables.
Exactly which URL did you download it from? And please provide a checksum (md5, sha1 or similar) of the file downloaded to your system.
> PostgreSQL\12\bin\pg_ctl.exe
> Threat detected: Trojan:Win32/Detplock
> Alert level: Severe
> Date: 22-12-2019 07:32 PM
> Category: Trojan
> Details: This program is dangerous and executes commands from an attacker.
> I need you to look into this on a priority basis, as I am stuck.
Hi!
Can you please take the file from your system and upload it to https://www.virustotal.com/gui/home/upload, and let us know what the detection there says? It also gives you a link to the finished analysis, so please post the link to that one as well.
//Magnus
Attachment | Content-Type | Size |
---|---|---|
pg_ctl.exe.pdf | application/pdf | 274.6 KB |