plugx | 7277576120[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

7277576120.zip
Size

116KB
MD5

12f2d6149062466403d2a31d6421191d
SHA1

b4f197bd5e77aba05d60d6970af3c2109639ac20
SHA256

bca49713355aa5e4b14255f7f19e33dba2a0c5d81328e0c3726268ce362015ee
SHA512

c48b85116d8f3ee282dda439a6009ed1c3c2ef2ebb57f6e30d143729309d87092a3cc5a8701ac786f04ac68d9c17e75a8283a26a42206a305d08eba0ce09b58b
SSDEEP

3072:3Jezh9Of9YhUIVfQl7dVFQsfGbB0pW8cM/p4ORS:g9Ofihf9QlNQsfG9QW8cMR43

Score

10^/10

plugx

Malware Config

Signatures

PlugX Rat Payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/3cf78a6d0244c33a14905f91f9912e2c7255c3247313456ca4eec93a7839abbd	family_plugx

Plugx family
plugx

Files

7277576120.zip
.zip

Password: infected
3cf78a6d0244c33a14905f91f9912e2c7255c3247313456ca4eec93a7839abbd
.dll windows x86

4e93f006a7a217646c4deea8a050114b

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResumeThread
VirtualQueryEx
CreateFileMappingW
MapViewOfFile
VirtualProtect
GetFileAttributesW
SetErrorMode
OpenFileMappingW
SetFilePointer
SetEndOfFile
GlobalLock
GetLocalTime
GlobalUnlock
QueryDosDeviceW
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
FindFirstFileW
FindClose
FindNextFileW
FlushFileBuffers
SetFileTime
GetFileTime
CreateDirectoryW
ExpandEnvironmentStringsW
GetProcessHeap
HeapFree
lstrcpyW
QueryPerformanceFrequency
QueryPerformanceCounter
CreateNamedPipeW
ConnectNamedPipe
GetOverlappedResult
GetConsoleCP
FreeConsole
GetConsoleOutputCP
GetConsoleWindow
AllocConsole
SetConsoleCtrlHandler
GetModuleHandleA
GetStdHandle
WriteConsoleInputW
GenerateConsoleCtrlEvent
GetConsoleMode
GetConsoleDisplayMode
GetConsoleCursorInfo
GetConsoleScreenBufferInfo
ReadConsoleOutputW
GetSystemDirectoryW
GetWindowsDirectoryW
GetModuleFileNameW
GetModuleHandleW
RemoveDirectoryW
GetComputerNameW
ProcessIdToSessionId
lstrcpynA
ResetEvent
VirtualProtectEx
CreateThread
lstrcmpA
ExitThread
LocalAlloc
lstrcatW
OutputDebugStringA
LocalFree
LocalLock
LocalUnlock
PostQueuedCompletionStatus
LocalReAlloc
CreateIoCompletionPort
TerminateThread
GetCurrentThread
GetQueuedCompletionStatus
QueueUserAPC
GlobalMemoryStatus
DeleteFileW
WriteProcessMemory
ReadProcessMemory
OpenProcess
GetVersionExW
GetCurrentThreadId
SetUnhandledExceptionFilter
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
lstrlenW
WriteFile
SetFileAttributesW
ReadFile
GetFileSize
CreateFileW
lstrcpyA
lstrcmpW
lstrcpynW
WaitForMultipleObjects
GetTickCount
CreateEventW
CreateProcessW
GetCurrentProcessId
lstrcmpiW
ExitProcess
GetCurrentProcess
TerminateProcess
GetLastError
CreateMutexW
GetCommandLineW
VirtualFreeEx
VirtualAllocEx
GetExitCodeThread
VirtualFree
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
GetSystemDefaultLCID
GetSystemInfo
DisconnectNamedPipe
GetSystemTime
CloseHandle
WaitForSingleObject
SetEvent
GetProcAddress
LoadLibraryA
SetConsoleScreenBufferSize
Sleep

user32

GetAsyncKeyState
GetWindowThreadProcessId
GetClassNameW
GetWindowTextW
GetForegroundWindow
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
CloseDesktop
CreateDesktopW
GetKeyState
DispatchMessageW
TranslateMessage
GetMessageW
SetTimer
ExitWindowsEx
GetIconInfo
DestroyIcon
SetWindowLongW
CloseClipboard
GetClipboardData
OpenClipboard
GetPriorityClipboardFormat
DefWindowProcW
LoadCursorW
WindowFromPoint
SetCapture
SetCursorPos
mouse_event
keybd_event
OpenWindowStationW
GetProcessWindowStation
SetProcessWindowStation
OpenInputDesktop
GetThreadDesktop
SetThreadDesktop
CloseWindowStation
PostMessageA
ShowWindow
KillTimer
EndPaint
BeginPaint
PostQuitMessage
ChangeClipboardChain
SetClipboardViewer
DefWindowProcA
GetSystemMetrics
wsprintfA
MessageBoxW
wsprintfW
CreateWindowExW

gdi32

CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
GdiFlush
BitBlt
GetDeviceCaps
DeleteDC
DeleteObject
GetDIBits
CreateDCW
SelectObject

advapi32

QueryServiceStatusEx
StartServiceW
ChangeServiceConfig2W
CreateServiceW
OpenServiceW
OpenSCManagerW
DeleteService
InitiateSystemShutdownA
DuplicateTokenEx
CreateProcessAsUserW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryValueExW
EnumServicesStatusExW
QueryServiceConfigW
QueryServiceConfig2W
ControlService
ChangeServiceConfigW
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegDeleteValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
GetUserNameW
LookupAccountSidW
GetLengthSid
SetTokenInformation
RegEnumValueA
ImpersonateLoggedOnUser
RegOpenCurrentUser
RegOverridePredefKey
RevertToSelf
RegEnumValueW
CloseServiceHandle

shell32

ExtractIconExW
CommandLineToArgvW
SHFileOperationW

ole32

CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize

oleaut32

VariantClear

odbc32

ord136
ord43
ord13
ord127
ord18
ord61
ord111
ord9
ord141
ord75
ord24
ord171
ord31
ord157
ord2

wtsapi32

WTSEnumerateProcessesW

ws2_32

setsockopt
closesocket
WSARecvFrom
WSASocketA
getsockname
bind
WSASendTo
WSACleanup
WSAGetLastError
WSAStartup
WSAIoctl

Sections

.text
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

4e93f006a7a217646c4deea8a050114b

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

odbc32

wtsapi32

ws2_32

Sections

.text Size: 125KB - Virtual size: 124KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 40KB - Virtual size: 55KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 125KB - Virtual size: 124KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 40KB - Virtual size: 55KB

.reloc
Size: 11KB - Virtual size: 10KB