Behavioral task
behavioral1
Sample
Atualizador_Digital_qa903838029dx938339a3.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Atualizador_Digital_qa903838029dx938339a3.exe
Resource
win10v2004-20240226-en
General
-
Target
d628be337e22253169015fa1790bac66
-
Size
428KB
-
MD5
d628be337e22253169015fa1790bac66
-
SHA1
fc434d3e04a4d94d0654b64493eb18644fef36f9
-
SHA256
5cff70526e400198ce13bc0a7d63e1aaaaaff884e512ba2db74735db9ec7f81c
-
SHA512
8dbc3cebf495b4a85fdfd49e06d6c42827f9b199ce4dca960b04c42c54125b0079187f360d416bad7cfb488b2207bcf77615bde470e203fa706850f4d325b5c4
-
SSDEEP
6144:NuBM+aeBnKkVBoZm2ewrHaAE1/mqW8YGx5ifnQRF59wOh1nTkRks9ccx7qcWFh8:h+aunbVS6UkYGx5yM9FT0tmccM
Malware Config
Signatures
-
resource yara_rule static1/unpack002/Atualizador_Digital_qa903838029dx938339a3.exe upx -
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.
resource yara_rule static1/unpack003/out.upx autoit_exe -
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource unpack002/Atualizador_Digital_qa903838029dx938339a3.exe unpack003/out.upx
Files
-
d628be337e22253169015fa1790bac66.zip
-
Atualizador_Digital_qa903838029dx938339a3.zip.zip
-
Atualizador_Digital_qa903838029dx938339a3.exe.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 744KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 261KB - Virtual size: 264KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 311KB - Virtual size: 312KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 512KB - Virtual size: 512KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 54KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 26KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 310KB - Virtual size: 309KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ