extra
follower
run
scub
Windows 7 will be removed from tria.ge on 2025-03-31
Behavioral task
behavioral1
Sample
UpdaterTag.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
UpdaterTag.dll
Resource
win10v2004-20240802-en
Target
UpdaterTag.dll.exe
Size
60KB
MD5
a8fcaf7b424f715399e961ea53b23efa
SHA1
68d5e064241c48f7352211d4d7fed5a4baa10ce5
SHA256
59eed9c82f60210e2a58df96fe1ab54a7bb96d2c5e7d5d3cc3b16de433b9958b
SHA512
18f4da3a122197ad43f27be3cfa5f50561546f14e92a3627cf876b91930cbc37bccc92b227c4175dd02b6f00a000928df347093ed8cb24420d20dbad8f292771
SSDEEP
768:WzsvRTYS/m6QFON/LbazVJl0NSuycf8buR6ExXPYEgUDP+doLhOhP8v43s:Wzc+jFORXa62ihxzidoLh6P8v43
Detects Latrodectus v1.4.
resource | yara_rule |
---|---|
sample | family_latrodectus_1_4 |
Checks for missing Authenticode signature.
resource |
---|
UpdaterTag.dll.exe |
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PeekNamedPipe
GetLastError
CreateMutexW
MessageBeep
MessageBoxA
extra
follower
run
scub
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.