» PRAUP-462.exe
Overview
Analysis
File Details
Behaviors (1)
Downloads (1)

PRAUP-462.exe

Prático Update

Getech Servicos

This is a setup program which is used to install the application. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘PraticoUpdate2011PraSP’. The file has been seen being downloaded from praticonet.com.br.

File name:

PRAUP-462.exe

Publisher:

Getech Serviços (signed by Getech Servicos)

Product:

Prático Update

Version:

6.01.0462

MD5:

bcdd324f5d0f0fe007f3a1e3de058c84

SHA-1:

feb478d13036df7d93deb8d61544fa69be66304b

SHA-256:

a0283e1df574bb59535215779d31c1407b274b500ecad5bd86672e9dc0e3bf02

Scanner detections:

1 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

5/16/2024 4:41:50 PM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Trojan.VbCrypt.250

9.0.1.05190

File size:

56.8 KB (58,208 bytes)

Product version:

6.01.0462

Getech Serviços

Trademarks:

http://www.praticobr.com

Original file name:

PRAUP-462.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Digital Signature

Signed by:

Getech Servicos

Authority:

Getech Servicos

Valid from:

9/9/2015 9:42:29 AM

Valid to:

9/8/2016 9:42:29 AM

Subject:

E=germano@praticonet.com.br, CN=Germano, OU=Getech Servicos, O=Getech Servicos, L=Teresina, S=Piaui, C=BR

Issuer:

E=germano@praticonet.com.br, CN=Germano, OU=Getech Servicos, O=Getech Servicos, L=Teresina, S=Piaui, C=BR

Serial number:

009BEB079A01F41DD2

File PE Metadata

Compilation timestamp:

2/24/2016 9:59:27 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

1536:bYOyYox/cUuwpx/OSWdyhDUERRIJN9fM5nouy8B7:btyYGFhXoyhDvRKN9AoutB7

Entry address:

0x31E30

Entry point:

60, BE, 00, 60, 42, 00, 8D, BE, 00, B0, FD, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, A8, F9, 02, 00, 57, 83, C3, 04, 53, 68, 20, BE, 00, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A... 
[+]

Code size:

52 KB (53,248 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

PraticoUpdate2011PraSP

Command:

C:\sistema\prasp\praup-462.exe

The file PRAUP-462.exe has been seen being distributed by the following URL.

http://praticonet.com.br/update2011/.../PRAUP-462.exe&rd=310F9421A2&keycli=C265153A8B&computer=pax_01

Scan PRAUP-462.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.