ploutus | LANC PCPS (lancremasteredpcps[.]com)[.]rar | Triage

Sharing

General

Target

LANC PCPS (lancremasteredpcps.com).rar
Size

754KB
MD5

85f687d8c08e60d5cf7894a2619cc544
SHA1

92e3ff46c786f15ced6f0ef6c943f1bd65f8651a
SHA256

ab0fa800e796a88d13a79c484c52a0e17c7dd734cba179355a2d63ccd0aa0f4f
SHA512

9b5454decf642029b892b0244b9eb2ee1bb03140a65cf10fef724d568599b0f7c8ea5d62afdd1fc3eb009fbb434611a7732f87cd4b1a3129557de7d9020ca28a
SSDEEP

12288:MYCGRBXOi9shcLTxW597+crhgxuh5OS15Ku+xEz24XECx4X0cLuSY7Vnfx1yj8KU:TVS9yTc7z5KzEz2mECuTY7Vn51U8KSD

Score

10^/10

ploutus

Malware Config

Signatures

Detected Ploutus loader 1 IoCs

resource	yara_rule
static1/unpack001/LANC PCPS (lancremasteredpcps.com).exe	family_ploutus

Ploutus family
ploutus

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/LANC PCPS (lancremasteredpcps.com).exe

Files

LANC PCPS (lancremasteredpcps.com).rar
.rar
LANC PCPS (lancremasteredpcps.com).exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

J:\Work\PsychoCoding\Packet Sniffing\PCPS\PCPS\obj\Debug\PCPS.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ