ploutus | LANC PCPS (lancremasteredpcps[.]com)[.]exe | Triage

Sharing

General

Target

LANC PCPS (lancremasteredpcps.com).exe
Size

2.8MB
MD5

40223dfcb0906b84752e898934bc661a
SHA1

84e7ca1cf876b4147cf135625310c0e5d0f3689f
SHA256

fba90ea29f691bb318f71bf85fe9ac62e22dd697cc7ce3de80dc66c6d574fc95
SHA512

b11ad1bd017b5f908fb4b03f2cfd66b823f5e466433e9069d67a0af27593aec9d9f5336345fd6e66734623a4586a13a1bbdb8029cfb473501ef729e72a100707
SSDEEP

49152:83+xTCM1oVeG0kGj/esU462SJJm0tjRU+hT9Lgr84zMG8qK7kyjF3U4RRGef++fd:8LGefGh

Score

10^/10

ploutus

Malware Config

Signatures

Detected Ploutus loader 1 IoCs

Processes:

resource	yara_rule
sample	family_ploutus

Ploutus family
ploutus

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
LANC PCPS (lancremasteredpcps.com).exe

Files

LANC PCPS (lancremasteredpcps.com).exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

J:\Work\PsychoCoding\Packet Sniffing\PCPS\PCPS\obj\Debug\PCPS.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ