ploutus | NoFarmForMe3[.]rar | Triage

Sharing

General

Target

NoFarmForMe3.rar
Size

2.9MB
MD5

87959211320105db5be4a0fb84eae701
SHA1

474bda48349be312466a36c44990a30419619f19
SHA256

40109778f1234fe55298a1a7e6e7800b1b0c5bd6ca5a61bd2743c6b71c7e0e59
SHA512

722866e10fba916274b535efe4b97cc909f102911997c2aded2b20981c352b725ad445121a1c25a0dc84448b8a8affac943bfcdc112541370e82a7c405b52989
SSDEEP

49152:nQ2LSE/4yDT7AIUjZhR6+QvXUGcl/AgYIkAplY27lvA4H31eTSM5iuJED1:Q2LSE/dDT8IO6XPUTlYgYIk4daJfMdD1

Score

10^/10

ploutus

Malware Config

Signatures

Detected Ploutus loader 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/NoFarmForMe3.exe	family_ploutus

Ploutus family
ploutus

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/NoFarmForMe3.exe

Files

NoFarmForMe3.rar
.rar
NoFarmForMe3.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Mathieu\source\repos\NoFarmForMe3\NoFarmForMe3\obj\Release\NoFarmForMe3.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ