sedif_pacote_correcao_certificado.exe

Atualizações do SEDIF-SN

ICP-Brasil

The application sedif_pacote_correcao_certificado.exe, “Atualizações do SEDIF-SN Setup” by ICP-Brasil, has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.sefaz.mt.gov.br and multiple other hosts.
Publisher:
SEFAZ (signed by ICP-Brasil)

Product:
Atualizações do SEDIF-SN

Description:
Atualizações do SEDIF-SN Setup

MD5:
02cd7e4c5a388740a7a0eb9aec2d36b3

SHA-1:
8c9e0cf70482ddbe1efba5d77f15ddc4bea40062

SHA-256:
80e2d1939d73683acb34d84e6586f5c9be6eab5f2a0182605435cc604256d93f

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
5/5/2024 7:10:43 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Reason Heuristics | PUP.InstallCore.CSH (L) | 16.12.12.21 |
| Rising Antivirus | Malware.Heuristic!ET (rdm+) | 23.00.65.16915 |

File size:
2.4 MB (2,511,968 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\sedif_pacote_correcao_certificado.exe

Digital Signature
Signed by:

Authority:
ICP-Brasil

Valid from:
1/5/2016 9:00:00 PM

Valid to:
1/4/2017 8:59:59 PM

Subject:
CN=SECRETARIA DA FAZENDA:10572014000133, OU=Autenticado por Certisign Certificadora Digital, OU=RFB e-Codigo A1, OU=Secretaria da Receita Federal do Brasil - RFB, O=ICP-Brasil, C=BR

Issuer:
CN=AC Certisign RFB G4, OU=Secretaria da Receita Federal do Brasil - RFB, O=ICP-Brasil, C=BR

Serial number:
0A6D334D270C79A492F623E0EF8D3551

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:bvt/MzSGDh7QZu3/ThQlR471bEaiJt0LdNoxirVJGvys57:zt/mlrQlR471fBwwcb

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file sedif_pacote_correcao_certificado.exe has been seen being distributed by the following 8 URLs.

https://www.sefaz.mt.gov.br/portal/Tributario/.../sedif_pacote_correcao_certificado.exe

http://portal.sefaz.pi.gov.br/documentoseletronicos/.../sedif_pacote_correcao_certificado.exe

http://www.sefaz.ba.gov.br/contribuinte/informacoes_fiscais/declaracoes/.../sedif_pacote_correcao_certificado.exe

https://www.receita.pb.gov.br/ser/images/docs/downloads/.../sedif_pacote_correcao_certificado.exe

http://www.sef.sc.gov.br/sites/default/.../sedif_pacote_correcao_certificado.exe

http://www.sefaz.mt.gov.br/portal/Tributario/.../sedif_pacote_correcao_certificado.exe

http://downloaddestda.fazenda.sp.gov.br/.../sedif_pacote_correcao_certificado.exe

http://www.sedif.pe.gov.br/.../sedif_pacote_correcao_certificado.exe
