F:\汉中\汉中\称重装车2\称重装车\称重装车\HZPLC\HZPLC\obj\Debug\陕西交控定量装车管理系统.pdb
Behavioral task
behavioral1
Sample
f5cd0723484b93e5c6614422178b9b54d9ae70ed898e9c1698c14f616cf86dfe.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
f5cd0723484b93e5c6614422178b9b54d9ae70ed898e9c1698c14f616cf86dfe.exe
Resource
win10v2004-20240709-en
General
-
Target
f5cd0723484b93e5c6614422178b9b54d9ae70ed898e9c1698c14f616cf86dfe
-
Size
758KB
-
MD5
57eeab89948c1726867b41ae24407e9e
-
SHA1
8b71e1244f4db37ef0172a7c7cd0124dfccc4259
-
SHA256
f5cd0723484b93e5c6614422178b9b54d9ae70ed898e9c1698c14f616cf86dfe
-
SHA512
a8f6713f2b60d4a4cf8f3cf03de6bf5d628a0b04dc018fd83bb3f7578d36ec08e562a90510a968e2136a6ebe1622b8516909c1b1d2a22a3c8326c49a668ee0ef
-
SSDEEP
12288:6dWRF/dCcgNGvugkDSXFtDA4wnrMAggg3G4wnrMAgggJs4wnrM:pLdCcgNGvugkDSHA4RG4bs4
Malware Config
Signatures
-
Detected Ploutus loader 1 IoCs
Processes:
resource yara_rule sample family_ploutus -
Ploutus family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource f5cd0723484b93e5c6614422178b9b54d9ae70ed898e9c1698c14f616cf86dfe
Files
-
f5cd0723484b93e5c6614422178b9b54d9ae70ed898e9c1698c14f616cf86dfe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 700KB - Virtual size: 699KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 57KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ