ploutus | e77be161723ab80ed386da3bf61abddc_JaffaCakes118 | Triage

Sharing

General

Target

e77be161723ab80ed386da3bf61abddc_JaffaCakes118
Size

302KB
MD5

e77be161723ab80ed386da3bf61abddc
SHA1

f1f53a6f59d31a8ba93676ef41a726885916766e
SHA256

e75e13d3b7a581014edcc2a397eaffbf91c3e5094d4afd81632d9ad872f935f4
SHA512

c4a530bdf1689c4510f7e4893a786a9c4cab667193f92ed00235023873bd65417497d87be3c61785175224da80a3dc5694bcffcd47d02377ffae0a8972c890ea
SSDEEP

6144:/ivpsr6qvhyuK2Mof/vTzKGP+rTfWbwXXMV:/Hr6ShyubMovTzKGPQSYY

Score

10^/10

ploutus

Malware Config

Signatures

Detected Ploutus loader 1 IoCs

Processes:

resource	yara_rule
sample	family_ploutus

Ploutus family
ploutus

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
e77be161723ab80ed386da3bf61abddc_JaffaCakes118

Files

e77be161723ab80ed386da3bf61abddc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

AgilisConfigurationUtility.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 295KB - Virtual size: 294KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ