ploutus | d47d6a1bec9a8461f471b1459e88923825f7688302d69b5478c231335b354061

Sharing

Copy URL

Twitter E-mail

General

Target

d47d6a1bec9a8461f471b1459e88923825f7688302d69b5478c231335b354061
Size

71KB
MD5

0406ab7e6dce862625a5814df7b20da0
SHA1

d4b165dd1c38b558314c07becc64492df91f1d29
SHA256

d47d6a1bec9a8461f471b1459e88923825f7688302d69b5478c231335b354061
SHA512

3eda2e2f53bb2ad0faaf202cb6b82ff722e228e4e2bc04f6a8cf877329090ee3df14643cdad92e24fe769835bff3658ab50cc989c26dbffcb78dcaff8a2aeb51
SSDEEP

1536:piqG4+cXnwPvqtOkBDzUHjcMbo/braLK5s4y1AEDzJ3hIF:NGpooqtOk9mwMbo6+yVAEDz4F

Score

10^/10

ploutus

Malware Config

Signatures

Detected Ploutus loader 1 IoCs

Processes:

resource	yara_rule
sample	family_ploutus

Ploutus family
ploutus

Files

d47d6a1bec9a8461f471b1459e88923825f7688302d69b5478c231335b354061
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:7f:a1:49:51:79:80:f6:4d:0e:f3:28:e3:e0:6e:7f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19-11-2020 00:00

Not After

28-11-2023 23:59

Subject

CN=Diebold Nixdorf\, Incorporated,OU=Diebold Global ATM Software,O=Diebold Nixdorf\, Incorporated,L=North Canton,ST=Ohio,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:b0:3d:e7:c7:7e:82:56:cd:52:75:d3:71:7a:34:90:c9:4f:d2:08:01:fa:19:57:9f:61:6b:31:74:fc:00:ad
Signer

Actual PE Digest

06:b0:3d:e7:c7:7e:82:56:cd:52:75:d3:71:7a:34:90:c9:4f:d2:08:01:fa:19:57:9f:61:6b:31:74:fc:00:ad

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

05:7f:a1:49:51:79:80:f6:4d:0e:f3:28:e3:e0:6e:7fCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

06:b0:3d:e7:c7:7e:82:56:cd:52:75:d3:71:7a:34:90:c9:4f:d2:08:01:fa:19:57:9f:61:6b:31:74:fc:00:adSigner

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 59KB - Virtual size: 58KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 12B

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

05:7f:a1:49:51:79:80:f6:4d:0e:f3:28:e3:e0:6e:7f
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

06:b0:3d:e7:c7:7e:82:56:cd:52:75:d3:71:7a:34:90:c9:4f:d2:08:01:fa:19:57:9f:61:6b:31:74:fc:00:ad
Signer

.text
Size: 59KB - Virtual size: 58KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 12B