ploutus | 49c9dfce83f63c77a6a8fbea5e03ee781751fed6306c7fdb4cf8659694244b30

Sharing

Copy URL

Twitter E-mail

General

Target

49c9dfce83f63c77a6a8fbea5e03ee781751fed6306c7fdb4cf8659694244b30
Size

129KB
MD5

20254b00201935884467b6384d6f6508
SHA1

6b40dba991a559613e73eb4e1ee0e2a2dd5fbf4f
SHA256

49c9dfce83f63c77a6a8fbea5e03ee781751fed6306c7fdb4cf8659694244b30
SHA512

a50889e03694d1d418ede40b7ea26541948a5bc7bdf90e2e0a0a0bc71fcbc548aa55d62fa898ef837c8defb01be26a34fe9060979b041fb95ec290dbdb5e293e
SSDEEP

3072:zJp3XXTwGouKRZzFPk2I111KYTI1Uk16R86:FpHXroXHMzTy1o

Score

10^/10

ploutus

Malware Config

Signatures

Detected Ploutus loader 1 IoCs

Processes:

resource yara_rule

sample family_ploutus
Ploutus family
ploutus

resource	yara_rule
sample	family_ploutus

Files

49c9dfce83f63c77a6a8fbea5e03ee781751fed6306c7fdb4cf8659694244b30
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:03:6c:e5:7e:eb:5d:1c:c2:be:17:00:00:00:00:03:6c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27-01-2022 19:31

Not After

26-01-2023 19:31

Subject

CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:a7:58:11:bf:7b:ef:2a:5b:4d:d4:d7:a7:a8:e0:be:b2:7b:f2:73:85:02:6b:aa:b2:3a:2c:53:43:5e:38:d3
Signer

Actual PE Digest

19:a7:58:11:bf:7b:ef:2a:5b:4d:d4:d7:a7:a8:e0:be:b2:7b:f2:73:85:02:6b:aa:b2:3a:2c:53:43:5e:38:d3

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:03:6c:e5:7e:eb:5d:1c:c2:be:17:00:00:00:00:03:6cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

19:a7:58:11:bf:7b:ef:2a:5b:4d:d4:d7:a7:a8:e0:be:b2:7b:f2:73:85:02:6b:aa:b2:3a:2c:53:43:5e:38:d3Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 34KB - Virtual size: 34KB

.rsrc Size: 83KB - Virtual size: 83KB

.reloc Size: 512B - Virtual size: 12B

33:00:00:03:6c:e5:7e:eb:5d:1c:c2:be:17:00:00:00:00:03:6c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

19:a7:58:11:bf:7b:ef:2a:5b:4d:d4:d7:a7:a8:e0:be:b2:7b:f2:73:85:02:6b:aa:b2:3a:2c:53:43:5e:38:d3
Signer

.text
Size: 34KB - Virtual size: 34KB

.rsrc
Size: 83KB - Virtual size: 83KB

.reloc
Size: 512B - Virtual size: 12B