extra
follower
run
scub
Behavioral task
behavioral1
Sample
UpdaterTag.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
UpdaterTag.dll
Resource
win10v2004-20240802-en
Target
UpdaterTag.dll
Size
60KB
MD5
a8fcaf7b424f715399e961ea53b23efa
SHA1
68d5e064241c48f7352211d4d7fed5a4baa10ce5
SHA256
59eed9c82f60210e2a58df96fe1ab54a7bb96d2c5e7d5d3cc3b16de433b9958b
SHA512
18f4da3a122197ad43f27be3cfa5f50561546f14e92a3627cf876b91930cbc37bccc92b227c4175dd02b6f00a000928df347093ed8cb24420d20dbad8f292771
SSDEEP
768:WzsvRTYS/m6QFON/LbazVJl0NSuycf8buR6ExXPYEgUDP+doLhOhP8v43s:Wzc+jFORXa62ihxzidoLh6P8v43
Detects Latrodectus v1.4.
Processes:
resource | yara_rule |
---|---|
sample | family_latrodectus_1_4 |
Checks for missing Authenticode signature.
Processes:
resource |
---|
UpdaterTag.dll |
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PeekNamedPipe
GetLastError
CreateMutexW
MessageBeep
MessageBoxA
extra
follower
run
scub
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ