Re: PostgreSQL\12\bin\pg_ctl.exe - Trojan detected

From: Manoj Agrawal <manoj(dot)agrawal(at)hotmail(dot)com>
To: Magnus Hagander <magnus(at)hagander(dot)net>
Cc: "security(at)postgresql(dot)org" <security(at)postgresql(dot)org>, "pgsql-bugs(at)lists(dot)postgresql(dot)org" <pgsql-bugs(at)lists(dot)postgresql(dot)org>
Subject: Re: PostgreSQL\12\bin\pg_ctl.exe - Trojan detected
Date: 2019-12-22 16:03:14
Message-ID: CH2PR02MB611702812211D23E60C809F0E92F0@CH2PR02MB6117.namprd02.prod.outlook.com
Lists: pgsql-bugs

Hi Magnus,

I apologize for troubling you at this time, but your questions are important and I will try to answer them all.

1. URL from where I downloaded the installer
https://www.enterprisedb.com/thank-you-downloading-postgresql?anid=1257093

Image as below:
[inline image]

I have not taken a checksum of the file.
[inline image]

2. I did scan the file with the URL you gave below. Attaching the screenshot for your ref.
[inline image]

Here are some of the details from the details tab. Attaching .pdf also for your reference.
MD5: 457c9ea7f38663bd7f425f4418a6dcba
SHA-1: eb8ffab9532224ee2e722013b08311bc91b009d2
SHA-256: 076a334a624e71744f5659d5d4576ba88cd064c47a486f0316db85dbbe7cd5b2
Vhash: 015056656d15155188z34!z
Authentihash: 39c368326cfb7d605ba7228d6fdbc98ad9f680e8c45fda55ef66e305b38c01b7
Imphash: 76881c88796d93158906531d1f6a2529
SSDEEP: 1536:ixwCY+BeiOs1V8u9TyMYR7PRdUQjqKZZY0Z3n3DJTY3B/eeLuB5oGqZ:ixwCY+siDUQu97PzULKZT3na3nO5oZ
File type: Win32 EXE
Magic: PE32+ executable for MS Windows (console) Mono/.Net assembly
File size: 113.50 KB (116224 bytes)

Sir, please do let me know if there is any more information I can share with you. I will be more than happy to share it with you.

________________________________

Thanks and Regards

Manoj Agrawal
manoj(dot)agrawal(at)hotmail(dot)com

________________________________
From: Magnus Hagander <magnus(at)hagander(dot)net>
Sent: 22 December 2019 09:08 PM
To: Manoj Agrawal <manoj(dot)agrawal(at)hotmail(dot)com>
Cc: security(at)postgresql(dot)org <security(at)postgresql(dot)org>; pgsql-bugs(at)lists(dot)postgresql(dot)org <pgsql-bugs(at)lists(dot)postgresql(dot)org>
Subject: Re: PostgreSQL\12\bin\pg_ctl.exe - Trojan detected

On Sun, Dec 22, 2019 at 4:26 PM Manoj Agrawal <manoj(dot)agrawal(at)hotmail(dot)com> wrote:
> Dear PostgreSQL Team,
>
> I am a regular ordinary user of your application.
> I apologize for not following your bug and security template. I suppose this will be OK with you.
>
> Kindly look at this screen from a Windows 10 machine.
>
> I have downloaded "postgresql-12.1-3-windows-x64.exe" from your website and during installation it is reporting malware in one of your executables.

Exactly which URL did you download it from? And please provide a checksum (md5, sha1 or similar) of the file downloaded to your system.

> PostgreSQL\12\bin\pg_ctl.exe
> Threat detected: Trojan:Win32/Detplock
> Alert level: Severe
> Date: 22-12-2019 07:32 PM
> Category: Trojan
> Details: This program is dangerous and executes commands from an attacker.
>
> I need you to look into this on a priority basis, as I am stuck.

Hi!

Can you please take the file from your system and upload it to https://www.virustotal.com/gui/home/upload, and let us know what the detection there says? It also gives you a link to the finished analysis, so please post the link to that one as well.

//Magnus

Attachment Content-Type Size
pg_ctl.exe.pdf application/pdf 274.6 KB
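
Added example, not part of the original thread: one way to collect on Windows the checksums Magnus asks for, together with each file's Authenticode signature status, in PowerShell. The Downloads and Program Files locations are assumptions; the thread gives only the installer file name and the relative path PostgreSQL\12\bin\pg_ctl.exe.

```powershell
# Added example (not from the thread). Default paths are assumptions: the
# thread names only the installer file and PostgreSQL\12\bin\pg_ctl.exe.
param(
    [string[]]$Path = @(
        (Join-Path $env:USERPROFILE 'Downloads\postgresql-12.1-3-windows-x64.exe'),
        (Join-Path $env:ProgramFiles 'PostgreSQL\12\bin\pg_ctl.exe')
    )
)

$report = foreach ($p in $Path) {
    # Antivirus may already have quarantined a flagged file, so check first.
    if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
        Write-Warning "Not found (quarantined or different install path?): $p"
        continue
    }

    $file = Get-Item -LiteralPath $p
    $row  = [ordered]@{ File = $file.FullName; Bytes = $file.Length }

    # One digest per algorithm named in the request (md5, sha1 or similar).
    foreach ($alg in 'MD5', 'SHA1', 'SHA256') {
        $row[$alg] = (Get-FileHash -LiteralPath $p -Algorithm $alg).Hash.ToLowerInvariant()
    }

    # Signature status and signer subject, if the file carries a signature.
    $sig = Get-AuthenticodeSignature -FilePath $p
    $row['SignatureStatus'] = $sig.Status
    $row['Signer'] = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }

    [pscustomobject]$row
}

$report | Format-List
```

The lowercase SHA-256 printed for pg_ctl.exe can be compared directly with the value shown on the VirusTotal details tab.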
