ploutus | 129584491808171fee3c9c4875cbb4a39d9e5d273e9e0d46c1cb08cccf51d44f | Triage

Sharing

General

Target

129584491808171fee3c9c4875cbb4a39d9e5d273e9e0d46c1cb08cccf51d44f
Size

1.7MB
MD5

036dc3218b5f8cb3aeacb67575b98001
SHA1

23af359867202db45b8d70134d5e2b751c46d334
SHA256

129584491808171fee3c9c4875cbb4a39d9e5d273e9e0d46c1cb08cccf51d44f
SHA512

25f0889fc4649011b715b6286a8f9cb7c2f4e6f69be686d97efc77f7d1fa8a3f33f8c37687d0ad57aa33c5f892ec97812843a74c764e14d2ef9c697c993688a8
SSDEEP

24576:Oe05gDmt2ZNIPjOsLwZPk6XF7gGeRdGT0AfZ2eolxldU3gp8wRdtko+Q7Hn3Pl+Q:OlgKEZNIPtLwu0bThfolxldWg7

Score

10^/10

ploutus

Malware Config

Signatures

Detected Ploutus loader 1 IoCs

Processes:

resource	yara_rule
sample	family_ploutus

Ploutus family
ploutus

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
129584491808171fee3c9c4875cbb4a39d9e5d273e9e0d46c1cb08cccf51d44f

Files

129584491808171fee3c9c4875cbb4a39d9e5d273e9e0d46c1cb08cccf51d44f
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

jl)fx^
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 614KB - Virtual size: 613KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ