platon[.]exe | Triage

Resubmissions

14/06/2023, 14:55

230614-sapn3sad34 3

14/06/2023, 14:12

230614-rjbcdahh96 3

Sharing

Copy URL Twitter E-mail

General

Target

platon.exe
Size

4.5MB
MD5

b9494dd601497a617459dbcd85cacd39
SHA1

d0c913e4024504e809a82562789d037fa4d753e0
SHA256

71e9cf13a84a22af7d0dc796088631d9256d35b729c91ae78693bc331f8532ed
SHA512

9c3fdeac6e551f92869f6122eb2ce51361d3971d29f9d66dadca98412c4ab439ed0fc6719e8f2a01d5251c7efca65e01c9e5c6132c5b916d349a2b15f58b5949
SSDEEP

98304:aw0RCXmt3iebxIIAcGPY77KKf83cUcXNnckqgccAM+zX8xf8ZJCxhp7/SV5bkbCR:aLZt3iebn6PY77KKf83cU6ckqgwM+zX8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
platon.exe

Files

platon.exe
.exe windows x86

505ce91296ce46f395339301b4764de5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

salflibc

__throw_temporary_ptr
__SALFORD_MAP
__undefined_function
WSF1##
RSU1##
RSF1##
CCOMP#
CH#WSF
ENDF##
INQR##
CLOS##
__adjust_stack_f
__CONCAT
WSF2#
CH#RSF
INDEX9#
OPEN##
XXRR##
XSUX#
R4#WSF
WSU2#
XXJJ##
ASIN#X
__CCOPY
RWIN##
WSU1##
I4#WSF
BACK##
COMMAND_ARGUMENT_COUNT
GET_COMMAND_ARGUMENT
I4#RSF
ALOG#X
XXRJ##
ACOS#X
__DEALLOCATE
__ALLOCATE1
__alloc_times
DTN2#X
R4#RSF
EXP#X
AL10#X
TANH#X
WDU1##
RDU1##
WDU2#
D8#WSF
GET_ENVIRONMENT_VARIABLE
D8#RSF
DATE_AND_TIME#J
EXECUTE_COMMAND_LINE
XXDJ##
XXDD##
EXIT1#
__FTN95INIT1_
WINDOW_PRINTF##
DOSPARAM#
MAKE_CSTRING#
__create_window
setMaxLines
__set_default_window
__update_window
__get_clearwin_text
WRITEF#
CLOSEF#
get_default_window
OPENW#
__send_text_message
GET_CSTRING#
START_PPROCESS#
SUPPRESS_CMD_BOX#
CISSUE#
START_PROCESS#
TIME#
EDATE#
EXIT#
ABORT#
CLEAR_SCREEN_AREA#
DRAW_LINE#
FILL_RECTANGLE#
DRAW_TEXT#
SET_PIXEL#
__perform_graphics_update
CLEARWIN_STRING#
CLEARWIN_INFO#
__use_url
GET_WKEY1#
RGB#
__select_graphics_object
__select_font
__scale_font
__bold_font
__set_line_width
WINDOW_UPDATE#
__read_url
__set_dpi_awareness
L4#WSF
ADJUSTL#
GET_PROGRAM_NAME#
CPU_TIME_R4#
COMMAND_LINE
__vd_info_address
__init_cpplib_info
LIBMAIN#
GetLastError
__get_main_arguments
GetWindow
sprintf
__Put_exception_message
__ctype_ptr_address
strlwr
__stdout_address
__Register_map_info
__stderr_address
_scc_lib_version
GetModuleFileNameA
__cout_address
__initialise_cpplib
____console_stdout_address
__cerr_address
__initialise_sccdll
mprintf0
__cin_address
__errno_address
strerror
LibMain
GetVersion
GetModuleHandleA
____console_stdin_address
strcat
__salf_exception_handler
WinMain
exit
__special_flags_address
__get_virtual_common_block
__stdin_address
__Put_exception_title
____console_stderr_address
__init_WindowsType
__General_shared_address
__WindowsType_address

user32

DestroyWindow
FindWindowA
GetSystemMetrics
GetWindowDC
ReleaseDC
SetFocus

gdi32

GetDeviceCaps

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

SetEnvironmentVariableA

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 413.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.comment
Size: 1024B - Virtual size: 570B

.data
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.salfmap
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.salfsys
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.salfvc
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 295KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

505ce91296ce46f395339301b4764de5

Headers

File Characteristics

Imports

salflibc

user32

gdi32

advapi32

kernel32

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.bss Size: - Virtual size: 413.3MB

.comment Size: 1024B - Virtual size: 570B

.data Size: 1.2MB - Virtual size: 1.2MB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 12B

.salfmap Size: 16KB - Virtual size: 16KB

.salfsys Size: 512B - Virtual size: 24B

.salfvc Size: 512B - Virtual size: 44B

.reloc Size: 295KB - Virtual size: 295KB

.text
Size: 3.0MB - Virtual size: 3.0MB

.bss
Size: - Virtual size: 413.3MB

.comment
Size: 1024B - Virtual size: 570B

.data
Size: 1.2MB - Virtual size: 1.2MB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 12B

.salfmap
Size: 16KB - Virtual size: 16KB

.salfsys
Size: 512B - Virtual size: 24B

.salfvc
Size: 512B - Virtual size: 44B

.reloc
Size: 295KB - Virtual size: 295KB