ploutus | a326655e898f48d83798b359172e5bf690b39fd62a78bc6467f1af1905ea50bf

Sharing

Copy URL Twitter E-mail

General

Target

a326655e898f48d83798b359172e5bf690b39fd62a78bc6467f1af1905ea50bf
Size

291KB
MD5

ccf95a6e31d478ef17b3887c6c848e92
SHA1

47ecec30e104af3044b4ec910eed8d23b236fb6d
SHA256

a326655e898f48d83798b359172e5bf690b39fd62a78bc6467f1af1905ea50bf
SHA512

4160381593ae58194e508bd37b4a8428c52bd88d334cb1d952755f2f682dae59db093c68f4e7289582a72daf95332e6ad8ff080df1cc475ea9529efe82b361bb
SSDEEP

6144:q5DUQEEqxnEz1lOA+UrcLHTQFXNuHMzTy1d:LxEz1h+ccbTcsHfd

Score

10^/10

ploutus

Malware Config

Signatures

Detected Ploutus loader 1 IoCs

resource	yara_rule
sample	family_ploutus

Ploutus family
ploutus

Files

a326655e898f48d83798b359172e5bf690b39fd62a78bc6467f1af1905ea50bf
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:03:6c:e5:7e:eb:5d:1c:c2:be:17:00:00:00:00:03:6c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/01/2022, 19:31

Not After

26/01/2023, 19:31

Subject

CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

df:e8:bb:5a:ab:78:04:5e:be:40:bd:94:40:61:6d:78:90:1b:ae:c9:b8:f2:6a:ec:aa:9e:63:85:d0:92:70:2e
Signer

Actual PE Digest

df:e8:bb:5a:ab:78:04:5e:be:40:bd:94:40:61:6d:78:90:1b:ae:c9:b8:f2:6a:ec:aa:9e:63:85:d0:92:70:2e

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdata
Size: 1024B - Virtual size: 744B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:03:6c:e5:7e:eb:5d:1c:c2:be:17:00:00:00:00:03:6cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

df:e8:bb:5a:ab:78:04:5e:be:40:bd:94:40:61:6d:78:90:1b:ae:c9:b8:f2:6a:ec:aa:9e:63:85:d0:92:70:2eSigner

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 196KB - Virtual size: 195KB

.sdata Size: 1024B - Virtual size: 744B

.rsrc Size: 82KB - Virtual size: 82KB

.reloc Size: 512B - Virtual size: 12B

33:00:00:03:6c:e5:7e:eb:5d:1c:c2:be:17:00:00:00:00:03:6c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

df:e8:bb:5a:ab:78:04:5e:be:40:bd:94:40:61:6d:78:90:1b:ae:c9:b8:f2:6a:ec:aa:9e:63:85:d0:92:70:2e
Signer

.text
Size: 196KB - Virtual size: 195KB

.sdata
Size: 1024B - Virtual size: 744B

.rsrc
Size: 82KB - Virtual size: 82KB

.reloc
Size: 512B - Virtual size: 12B