Overview

overview

10

Static

static

10

729a7bf23d...af.exe

windows7-x64

7

729a7bf23d...af.exe

windows10-2004-x64

7

$PLUGINSDI...lp.dll

windows7-x64

3

$PLUGINSDI...lp.dll

windows10-2004-x64

7

$PLUGINSDI...SC.dll

windows7-x64

3

$PLUGINSDI...SC.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$TEMP/Conn...wn.exe

windows7-x64

1

$TEMP/Conn...wn.exe

windows10-2004-x64

1

BuildProps.dll

windows7-x64

1

BuildProps.dll

windows10-2004-x64

1

ConnUPnP.dll

windows7-x64

1

ConnUPnP.dll

windows10-2004-x64

1

Connectify.exe

windows7-x64

1

Connectify.exe

windows10-2004-x64

6

ConnectifyNAT.dll

windows7-x64

1

ConnectifyNAT.dll

windows10-2004-x64

1

Connectify...es.exe

windows7-x64

1

Connectify...es.exe

windows10-2004-x64

1

Connectifyd.exe

windows7-x64

1

Connectifyd.exe

windows10-2004-x64

1

DriverLib.dll

windows7-x64

1

DriverLib.dll

windows10-2004-x64

1

HardwareHelperLib.dll

windows7-x64

1

HardwareHelperLib.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    729a7bf23d64052ca1bde881bc9813af

  • Size

    2.2MB

  • MD5

    729a7bf23d64052ca1bde881bc9813af

  • SHA1

    c48d1519c05088b9dc4b0af6da71aefaabddcd91

  • SHA256

    5341b3921b75549adbe59365517c30bd045e63162728d9ba48f79832fea1bea0

  • SHA512

    32c9966ab4d522876384ccd355585a5940ac06580faf036fcd9f5d1b7f21eef98ee77c18c57ab86ee460d41114868b6f95ef8bae7de299b4d4235c61af551d61

  • SSDEEP

    49152:JladY2vgqH0OKj06nL6IDZdkYk8vauvM8s2N8rQYKwddARZkrdi/:Wr0txL6INnkeaMOVSceHkk/

Score
10/10
ploutus

Malware Config

Signatures

  • Detected Ploutus loader 1 IoCs
  • Ploutus family
    ploutus
  • Unsigned PE 11 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 4 IoCs
    installer

Files

  • 729a7bf23d64052ca1bde881bc9813af
    .exe windows:4 windows x86 arch:x86

    dfb06052e74b26a42b0e490bd1c07959


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/OCSetupHlp.dll
    .dll windows:5 windows x86 arch:x86

    381c1a7f3f27ab66566821aba364e0bb


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/SimpleSC.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    2017f2acbdaa42ab3e4adeb8b4c37e7b


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/UAC.dll
    .dll windows:4 windows x86 arch:x86

    d78ca16597d32a4413a1ca1794041785


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/nsDialogs.dll
    .dll windows:4 windows x86 arch:x86

    1e2884056e655f2b7bc5a904e352fc80


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/nsExec.dll
    .dll windows:4 windows x86 arch:x86

    d83f71e61ee459ee63ca3e829966a9dc


    Headers

    Imports

    Exports

    Sections

  • $TEMP/ConnectifyShutdown.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Code Sign

    Headers

    Imports

    Sections

  • BuildProps.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • ConnUPnP.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • Connectify.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Code Sign

    Headers

    Imports

    Sections

  • Connectify.exe.config
  • ConnectifyNAT.dll
    .dll windows:5 windows x86 arch:x86

    57b18e903372b724875c07b9487e1a18


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • ConnectifyNetServices.exe
    .exe windows:5 windows x86 arch:x86

    5c9a7c42314bfcf982d918ee6b0cb0c3


    Code Sign

    Headers

    Imports

    Sections

  • Connectifyd.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Code Sign

    Headers

    Imports

    Sections

  • Connectifyd.exe.config
  • DriverLib.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • HardwareHelperLib.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • HtmlAgilityPack.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • Interop.NETCONLib.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • Interop.NETWORKLIST.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • Interop.NetFwTypeLib.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • Interop.SHDocVw.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • Ionic.Zip.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • OpenCandy/OCSetupHlp.dll
    .dll windows:5 windows x86 arch:x86

    381c1a7f3f27ab66566821aba364e0bb


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • OpenCandy/OpenCandy_Why_Is_This_Here.txt
  • UPnP.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • Uninstall.exe.nsis
  • WCN-UFD/AUTORUN.INF
  • WCN-UFD/SMRTNTKY/MessageB.txt
  • WCN-UFD/SMRTNTKY/fcw.ico
  • WCN-UFD/setupSNK.exe
    .exe windows:6 windows x86 arch:x86

    f33d1aaa7748aac42f8b1bfe46c5bd4d


    Headers

    Imports

    Sections

  • WPSLib.dll
    .dll windows:5 windows x86 arch:x86

    38c4c38395ad5357ba42c880eab2eaff


    Code Sign

    Headers

    Imports

    Sections

  • connectifynat.l4c
  • drivers/amd64/connctfy.cat
  • drivers/amd64/connctfy.inf
  • drivers/amd64/connctfy.sys
    .sys windows:5 windows x64 arch:x64

    47741601a8d417ed3dee154e7b640d25


    Code Sign

    Headers

    Imports

    Sections

  • drivers/amd64/connctfy_m.inf
  • drivers/amd64/snetcfg.exe
    .exe windows:5 windows x64 arch:x64

    cef93da515744014629bc14ba0ac6191


    Headers

    Imports

    Sections

  • drivers/x86/connctfy.cat
  • drivers/x86/connctfy.inf
  • drivers/x86/connctfy.sys
    .sys windows:5 windows x86 arch:x86

    64277759856db01af6510c7d40f82086


    Code Sign

    Headers

    Imports

    Sections

  • drivers/x86/connctfy_m.inf
  • drivers/x86/snetcfg.exe
    .exe windows:5 windows x86 arch:x86

    d6ae4c79da3020a39c8e06ed18543c45


    Headers

    Imports

    Sections

  • gma.Windows.Firewall.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • install-driver-amd64.bat
  • install-driver-x86.bat
  • io.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • log4cxx.dll
    .dll windows:5 windows x86 arch:x86

    b5b218837ee2088b39158732524b0c94


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • log4net.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • logs/logs.txt
  • ndisapi.dll
    .dll windows:4 windows x86 arch:x86

    8d71c681d609622894a03eef29b735ce


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • source/ManagedWifi/Interop.cs
  • source/ManagedWifi/ManagedWifi.csproj
  • source/ManagedWifi/Properties/AssemblyInfo.cs
  • source/ManagedWifi/WlanApi.cs
    .vbs
  • source/ManagedWifi/app.config
  • source/ManagedWifi/license.txt
  • source/dualserver/DualServer.cpp
  • source/dualserver/DualServer.h
  • source/dualserver/gpl-2.0.txt
  • source/dualserver/makefile
  • start_service.exe
    .exe windows:4 windows x86 arch:x86

    1c042238f43557c055fca8642de8a074


    Code Sign

    Headers

    Imports

    Sections

  • $PLUGINSDIR/SimpleSC.dll
    .dll windows:4 windows x86 arch:x86


    Headers

    Exports

    Sections

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86

    2017f2acbdaa42ab3e4adeb8b4c37e7b


    Headers

    Imports

    Exports

    Sections

  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/nsExec.dll
    .dll windows:4 windows x86 arch:x86

    d83f71e61ee459ee63ca3e829966a9dc


    Headers

    Imports

    Exports

    Sections

  • uninstall-driver-amd64.bat
  • uninstall-driver-x86.bat
  • wifi.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections