ploutus | 0106757fac9d10a8e2a22dce5337f404bfa1c44d3cc0c53af3c7539888bc4025[.]zip[.]7z

General

Target

0106757fac9d10a8e2a22dce5337f404bfa1c44d3cc0c53af3c7539888bc4025.zip.7z
Size

32KB
MD5

cce1f1c49d19d95ca04e0fd801d9aa9a
SHA1

8048d3e9ca0c56430eb29d11116c952f354caae1
SHA256

08f5eb636439ef668b599b595456651ae259fd1f1760bddba8192cf74b394ce0
SHA512

fdf82a8a1618da79c5bf5a67955b573c0258bcf685ad0f8d85463e9358c39621510ca2fe8a9d5f848c055ad9bb7ab11b7e55eb8f88ee0aae414eed7431a3f8b7
SSDEEP

768:YWMAg9Y8zA0Bw5ybp8hSz/AXj0YZ8IOGQbu3EuU:zBgVzA0W5I8GoXj0YZ/fU

Score

10^/10

ploutus

Detected Ploutus loader 1 IoCs

Processes:

resource	yara_rule
static1/unpack002/0106757fac9d10a8e2a22dce5337f404bfa1c44d3cc0c53af3c7539888bc4025	family_ploutus

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack002/0106757fac9d10a8e2a22dce5337f404bfa1c44d3cc0c53af3c7539888bc4025

0106757fac9d10a8e2a22dce5337f404bfa1c44d3cc0c53af3c7539888bc4025.zip.7z
.7z

Password: infected
0106757fac9d10a8e2a22dce5337f404bfa1c44d3cc0c53af3c7539888bc4025.zip
.zip

Password: infected
0106757fac9d10a8e2a22dce5337f404bfa1c44d3cc0c53af3c7539888bc4025
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ