ploutus | 21eeae024b237a5bae016ed7763929a1dcecfc1f32cb66089e9fb4fe235016fc

Sharing

Copy URL

Twitter E-mail

General

Target

21eeae024b237a5bae016ed7763929a1dcecfc1f32cb66089e9fb4fe235016fc
Size

124KB
MD5

6cf781a06d1a2789e1d442e22a260044
SHA1

14887597805d31f9a1c62f4b681c11d2e3d9949d
SHA256

21eeae024b237a5bae016ed7763929a1dcecfc1f32cb66089e9fb4fe235016fc
SHA512

00e18a0f156e39f018bd8661806ddae68478c821bb4167b99580f0017e7d790744be5b76d34795619f61fdb86113e1d626d78b159545cb632fdd297815960c5f
SSDEEP

3072:dKw0qsz0q9RZzFPk2I111KYTI1Uk19p86:n0q0jHMzTy1D

Score

10^/10

ploutus

Malware Config

Signatures

Detected Ploutus loader 1 IoCs

Processes:

resource yara_rule

sample family_ploutus
Ploutus family
ploutus

resource	yara_rule
sample	family_ploutus

Files

21eeae024b237a5bae016ed7763929a1dcecfc1f32cb66089e9fb4fe235016fc
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:03:6c:e5:7e:eb:5d:1c:c2:be:17:00:00:00:00:03:6c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27-01-2022 19:31

Not After

26-01-2023 19:31

Subject

CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b5:40:11:d5:4f:ee:c4:0e:5e:7d:00:ee:1a:df:f5:e3:6a:7e:2f:8c:38:34:ed:56:49:f9:97:29:3e:a2:4d:4f
Signer

Actual PE Digest

b5:40:11:d5:4f:ee:c4:0e:5e:7d:00:ee:1a:df:f5:e3:6a:7e:2f:8c:38:34:ed:56:49:f9:97:29:3e:a2:4d:4f

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:03:6c:e5:7e:eb:5d:1c:c2:be:17:00:00:00:00:03:6cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

b5:40:11:d5:4f:ee:c4:0e:5e:7d:00:ee:1a:df:f5:e3:6a:7e:2f:8c:38:34:ed:56:49:f9:97:29:3e:a2:4d:4fSigner

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 29KB - Virtual size: 29KB

.rsrc Size: 83KB - Virtual size: 83KB

.reloc Size: 512B - Virtual size: 12B

33:00:00:03:6c:e5:7e:eb:5d:1c:c2:be:17:00:00:00:00:03:6c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

b5:40:11:d5:4f:ee:c4:0e:5e:7d:00:ee:1a:df:f5:e3:6a:7e:2f:8c:38:34:ed:56:49:f9:97:29:3e:a2:4d:4f
Signer

.text
Size: 29KB - Virtual size: 29KB

.rsrc
Size: 83KB - Virtual size: 83KB

.reloc
Size: 512B - Virtual size: 12B