ploutus | 45dde36b33697e9362890f0c0291d480507bc4ead5fbced959d1525a5eec08f8

Sharing

Copy URL Twitter E-mail

General

Target

45dde36b33697e9362890f0c0291d480507bc4ead5fbced959d1525a5eec08f8
Size

289KB
MD5

258c4ac09701d97a874cc3fb4f2c0f17
SHA1

012f3d062e011d9a845ac6287f5dd80a355cdc7d
SHA256

45dde36b33697e9362890f0c0291d480507bc4ead5fbced959d1525a5eec08f8
SHA512

f7779b88e9ff8f789a4d3674befbbb933f39001d1a6369f1d6bbbdbc1d4ffc47563d88f3450626ad5276b5c64c6602c39df6728b5168f81c7916eadff38824c4
SSDEEP

6144:rHeQEzSuqdtPbg84tb7gBY8xym4r6UINl10uBKHMzTy1l:rHeVS3bgNoB2NeUIfKHfl

Score

10^/10

ploutus

Malware Config

Signatures

Detected Ploutus loader 1 IoCs

resource	yara_rule
sample	family_ploutus

Ploutus family
ploutus

Files

45dde36b33697e9362890f0c0291d480507bc4ead5fbced959d1525a5eec08f8
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:03:6c:e5:7e:eb:5d:1c:c2:be:17:00:00:00:00:03:6c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/01/2022, 19:31

Not After

26/01/2023, 19:31

Subject

CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:33:29:a8:b1:0f:31:76:90:a6:b9:c7:a9:17:81:07:95:70:9c:4f:07:40:de:4c:6a:bb:ef:4d:45:61:7c:8f
Signer

Actual PE Digest

7d:33:29:a8:b1:0f:31:76:90:a6:b9:c7:a9:17:81:07:95:70:9c:4f:07:40:de:4c:6a:bb:ef:4d:45:61:7c:8f

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 194KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdata
Size: 1024B - Virtual size: 744B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:03:6c:e5:7e:eb:5d:1c:c2:be:17:00:00:00:00:03:6cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

7d:33:29:a8:b1:0f:31:76:90:a6:b9:c7:a9:17:81:07:95:70:9c:4f:07:40:de:4c:6a:bb:ef:4d:45:61:7c:8fSigner

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 194KB - Virtual size: 194KB

.sdata Size: 1024B - Virtual size: 744B

.rsrc Size: 82KB - Virtual size: 82KB

.reloc Size: 512B - Virtual size: 12B

33:00:00:03:6c:e5:7e:eb:5d:1c:c2:be:17:00:00:00:00:03:6c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

7d:33:29:a8:b1:0f:31:76:90:a6:b9:c7:a9:17:81:07:95:70:9c:4f:07:40:de:4c:6a:bb:ef:4d:45:61:7c:8f
Signer

.text
Size: 194KB - Virtual size: 194KB

.sdata
Size: 1024B - Virtual size: 744B

.rsrc
Size: 82KB - Virtual size: 82KB

.reloc
Size: 512B - Virtual size: 12B