ploutus | bfd1e7d1e54199b192ab749ee10481b45607f5ad527a1f3f57dc1184e1b556ac

Sharing

Copy URL

Twitter E-mail

General

Target

bfd1e7d1e54199b192ab749ee10481b45607f5ad527a1f3f57dc1184e1b556ac
Size

326KB
MD5

5617d8ab4b0fc15232aad11758b00709
SHA1

69344826699f76b46312db85cfb2a9897ef0a92e
SHA256

bfd1e7d1e54199b192ab749ee10481b45607f5ad527a1f3f57dc1184e1b556ac
SHA512

cf21a10f513dbbdcc5af83abe9353cb869c2d1acbe62541e8d68d7aa41ef163dd22f9298341d7c4ffbeea2d8492592ffd69e4497de035f2ca587c3cea7e5dc60
SSDEEP

6144:2XrWREQmfioxTH+zHVt2DhLxZ8e5u6NMxZgkvmkdm6zHMzTy1SVY:i7TeSdg77Hf+Y

Score

10^/10

ploutus

Malware Config

Signatures

Detected Ploutus loader 1 IoCs

Processes:

resource yara_rule

sample family_ploutus
Ploutus family
ploutus

resource	yara_rule
sample	family_ploutus

Files

bfd1e7d1e54199b192ab749ee10481b45607f5ad527a1f3f57dc1184e1b556ac
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:03:6c:e5:7e:eb:5d:1c:c2:be:17:00:00:00:00:03:6c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27-01-2022 19:31

Not After

26-01-2023 19:31

Subject

CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ef:7f:cd:d0:f1:65:5b:c2:c3:bf:65:e8:a3:5e:d6:b9:ae:36:88:f7:d0:c5:18:72:77:4f:3b:85:36:40:74:76
Signer

Actual PE Digest

ef:7f:cd:d0:f1:65:5b:c2:c3:bf:65:e8:a3:5e:d6:b9:ae:36:88:f7:d0:c5:18:72:77:4f:3b:85:36:40:74:76

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:03:6c:e5:7e:eb:5d:1c:c2:be:17:00:00:00:00:03:6cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

ef:7f:cd:d0:f1:65:5b:c2:c3:bf:65:e8:a3:5e:d6:b9:ae:36:88:f7:d0:c5:18:72:77:4f:3b:85:36:40:74:76Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 227KB - Virtual size: 226KB

.sdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 85KB - Virtual size: 85KB

.reloc Size: 512B - Virtual size: 12B

33:00:00:03:6c:e5:7e:eb:5d:1c:c2:be:17:00:00:00:00:03:6c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

ef:7f:cd:d0:f1:65:5b:c2:c3:bf:65:e8:a3:5e:d6:b9:ae:36:88:f7:d0:c5:18:72:77:4f:3b:85:36:40:74:76
Signer

.text
Size: 227KB - Virtual size: 226KB

.sdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 85KB - Virtual size: 85KB

.reloc
Size: 512B - Virtual size: 12B