plugx | 005afae5aa5beec765e74b461177dce8342067c29985ef9c683af7e2d92eeef0

Resubmissions

29-11-2022 18:02

221129-wmftgscc67 10

31-01-2022 21:12

220131-z16hvaceh6 8

Sharing

Copy URL

Twitter E-mail

General

Target

005afae5aa5beec765e74b461177dce8342067c29985ef9c683af7e2d92eeef0
Size

149KB
MD5

01f515171b5332a5b888deba32b9d99f
SHA1

20a1b94783ceb41b6e1c476c89fb117efe5f2d3f
SHA256

005afae5aa5beec765e74b461177dce8342067c29985ef9c683af7e2d92eeef0
SHA512

5a88e27058f428bd9c719f66e4019047497ff031a62c22dc4266ffd9f5ab5e321eced9c2d6f5e233ade4680cb41d64aef9df5dcb80af7a5160688cc4c2c11e46
SSDEEP

3072:u8Gphyyk83RMB9ZrjR/BCrrHiGvTFRTQ:YnI88ZrjNBOHiqR

Score

10^/10

plugx

Malware Config

Signatures

Detects PlugX payload 1 IoCs

Processes:

resource yara_rule

sample family_plugx
Plugx family
plugx

resource	yara_rule
sample	family_plugx

Files

005afae5aa5beec765e74b461177dce8342067c29985ef9c683af7e2d92eeef0
.dll windows x86

914fa42a7a2c474c87d5045b8e0b73fb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
VirtualFree
GetExitCodeThread
VirtualProtectEx
ResumeThread
VirtualQueryEx
CreateFileMappingW
MapViewOfFile
VirtualProtect
GetFileAttributesW
SetErrorMode
OpenFileMappingW
QueryDosDeviceW
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
FindFirstFileW
FindClose
FindNextFileW
SetFilePointer
SetEndOfFile
FlushFileBuffers
SetFileTime
GetFileTime
CreateDirectoryW
ExpandEnvironmentStringsW
GetLocalTime
GetProcessHeap
HeapFree
lstrcpyW
QueryPerformanceFrequency
QueryPerformanceCounter
CreateNamedPipeW
ConnectNamedPipe
GetOverlappedResult
GetConsoleCP
GetVersionExW
GetConsoleOutputCP
GetConsoleWindow
AllocConsole
SetConsoleCtrlHandler
SetConsoleScreenBufferSize
GetStdHandle
WriteConsoleInputW
GenerateConsoleCtrlEvent
GetConsoleMode
GetConsoleDisplayMode
GetConsoleCursorInfo
GetConsoleScreenBufferInfo
ReadConsoleOutputW
GetSystemDirectoryW
GetWindowsDirectoryW
GetModuleFileNameW
GetSystemDefaultLCID
RemoveDirectoryW
GetComputerNameW
ProcessIdToSessionId
lstrcpynA
ResetEvent
DisconnectNamedPipe
CreateThread
lstrcmpA
LocalAlloc
lstrcatW
OutputDebugStringA
LocalFree
LocalLock
LocalUnlock
PostQueuedCompletionStatus
LocalReAlloc
CreateIoCompletionPort
GetQueuedCompletionStatus
QueueUserAPC
ExitThread
GetCurrentThread
TerminateThread
GetCurrentThreadId
SetUnhandledExceptionFilter
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
lstrlenW
WriteFile
SetFileAttributesW
ReadFile
GetFileSize
CreateFileW
lstrcpyA
lstrcmpW
lstrcpynW
WaitForMultipleObjects
GetTickCount
CreateEventW
CreateProcessW
Process32NextW
GetCurrentProcessId
Process32FirstW
CreateToolhelp32Snapshot
lstrcmpiW
ExitProcess
GetCurrentProcess
TerminateProcess
GetLastError
CreateMutexW
GetSystemInfo
GetSystemTime
GlobalMemoryStatus
VirtualFreeEx
CreateRemoteThread
VirtualAllocEx
GetModuleHandleA
DeleteFileW
WriteProcessMemory
ReadProcessMemory
GetModuleHandleW
OpenProcess
GetCommandLineW
CloseHandle
WaitForSingleObject
SetEvent
GetProcAddress
LoadLibraryA
FreeConsole
Sleep

user32

GetIconInfo
ExitWindowsEx
GetKeyState
GetAsyncKeyState
GetWindowThreadProcessId
GetClassNameW
GetWindowTextW
GetForegroundWindow
DestroyIcon
DefWindowProcW
CallNextHookEx
LoadCursorW
UnhookWindowsHookEx
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
SetTimer
WindowFromPoint
SetCapture
SetCursorPos
mouse_event
keybd_event
OpenWindowStationW
GetProcessWindowStation
SetProcessWindowStation
OpenInputDesktop
GetThreadDesktop
SetThreadDesktop
CloseWindowStation
PostMessageA
ShowWindow
PostQuitMessage
SetWindowLongW
CreateWindowExW
CloseDesktop
CreateDesktopW
GetSystemMetrics
wsprintfA
MessageBoxW
wsprintfW
SetWindowsHookExW

gdi32

CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
GdiFlush
BitBlt
GetDeviceCaps
DeleteDC
DeleteObject
GetDIBits
CreateDCW
SelectObject

advapi32

DeleteService
CloseServiceHandle
StartServiceW
ChangeServiceConfig2W
CreateServiceW
OpenServiceW
OpenSCManagerW
InitiateSystemShutdownA
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryValueExW
EnumServicesStatusExW
QueryServiceConfigW
QueryServiceConfig2W
ControlService
ChangeServiceConfigW
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegDeleteValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
GetUserNameW
LookupAccountSidW
GetLengthSid
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserW
RegEnumValueA
RevertToSelf
RegEnumValueW
QueryServiceStatusEx

shell32

SHFileOperationW
CommandLineToArgvW
ExtractIconExW

ole32

CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize

oleaut32

VariantClear

odbc32

ord136
ord43
ord13
ord127
ord18
ord61
ord111
ord9
ord141
ord75
ord24
ord171
ord31
ord157
ord2

ws2_32

WSARecvFrom
setsockopt
WSAIoctl
WSASocketA
getsockname
bind
WSASendTo
WSACleanup
WSAGetLastError
WSAStartup
closesocket

Sections

.text
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

914fa42a7a2c474c87d5045b8e0b73fb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

odbc32

ws2_32

Sections

.text Size: 123KB - Virtual size: 123KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 1KB - Virtual size: 16KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 123KB - Virtual size: 123KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 1KB - Virtual size: 16KB

.reloc
Size: 10KB - Virtual size: 10KB