plugx | 27259e69ca8b683135b3e45f8b0e2a70d9cc8a20b417c04b958b3417a71c0ff1

Sharing

Copy URL

Twitter E-mail

General

Target

27259e69ca8b683135b3e45f8b0e2a70d9cc8a20b417c04b958b3417a71c0ff1
Size

191KB
MD5

1738bff75f4f3e0a9ccca3ea45d6a22a
SHA1

eeba2760aa5c667d335595537231777a5f0a7538
SHA256

27259e69ca8b683135b3e45f8b0e2a70d9cc8a20b417c04b958b3417a71c0ff1
SHA512

3f335cfbe970941658521373b174dbd029887bc688999176863f584125790ec65024cf88de3ca22f7cff02845c7c883d69a3fe4d3d7a40967e9cb02aec20cbbc
SSDEEP

3072:uWik+HjHUJRFVIUee3uvuJHqXrqjQCbwdPYevc8Mzao3nITCLUoeD1murmlTi0bt:6Hj0JRFuUalrgQ1gevBMzao3jgoeD1m9

Score

10^/10

plugx

Malware Config

Signatures

Detects PlugX payload 1 IoCs

resource	yara_rule
sample	family_plugx

Plugx family
plugx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27259e69ca8b683135b3e45f8b0e2a70d9cc8a20b417c04b958b3417a71c0ff1

Files

27259e69ca8b683135b3e45f8b0e2a70d9cc8a20b417c04b958b3417a71c0ff1
.dll windows:5 windows x86 arch:x86

c27d767145199105470a4c2ae155496e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetExitCodeThread
VirtualProtectEx
ResumeThread
VirtualQueryEx
CreateFileMappingW
VirtualProtect
GetFileAttributesW
SetErrorMode
GetLocalTime
SetFilePointer
SetEndOfFile
GlobalLock
GlobalUnlock
QueryDosDeviceW
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
FindFirstFileW
FindClose
FindNextFileW
FlushFileBuffers
SetFileTime
GetFileTime
CreateDirectoryW
ExpandEnvironmentStringsW
GetProcessHeap
HeapFree
CopyFileW
lstrcpyW
QueryPerformanceFrequency
QueryPerformanceCounter
CreateNamedPipeW
ConnectNamedPipe
GetOverlappedResult
GetConsoleCP
FreeConsole
GetConsoleOutputCP
GetConsoleWindow
AllocConsole
VirtualAllocEx
SetConsoleScreenBufferSize
GetStdHandle
WriteConsoleInputW
GenerateConsoleCtrlEvent
GetConsoleMode
GetConsoleDisplayMode
GetConsoleCursorInfo
GetConsoleScreenBufferInfo
ReadConsoleOutputW
GetSystemDirectoryW
GetWindowsDirectoryW
GetModuleFileNameW
GetModuleHandleW
RemoveDirectoryW
GetComputerNameW
ProcessIdToSessionId
lstrcpynA
ResetEvent
VirtualFree
CreateThread
lstrcmpA
ExitThread
LocalAlloc
lstrcatW
OutputDebugStringA
LocalFree
LocalLock
LocalUnlock
PostQueuedCompletionStatus
LocalReAlloc
CreateIoCompletionPort
TerminateThread
GetCurrentThread
GetQueuedCompletionStatus
QueueUserAPC
GetModuleHandleA
DeleteFileW
WriteProcessMemory
ReadProcessMemory
OpenProcess
GetVersionExW
GetCurrentThreadId
SetUnhandledExceptionFilter
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
lstrlenW
WriteFile
SetFileAttributesW
ReadFile
GetFileSize
CreateFileW
lstrcpyA
lstrcmpW
lstrcpynW
WaitForMultipleObjects
GetTickCount
CreateEventW
CreateProcessW
GetCurrentProcessId
lstrcmpiW
ExitProcess
GetCurrentProcess
TerminateProcess
GetLastError
CreateMutexW
GetCommandLineW
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
MapViewOfFile
OpenFileMappingW
GetSystemDefaultLCID
GetSystemInfo
GetSystemTime
GlobalMemoryStatus
VirtualFreeEx
DisconnectNamedPipe
CreateRemoteThread
CloseHandle
WaitForSingleObject
SetEvent
GetProcAddress
LoadLibraryA
SetConsoleCtrlHandler
Sleep

user32

GetWindowThreadProcessId
GetClassNameW
GetWindowTextW
GetForegroundWindow
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
CloseDesktop
CreateDesktopW
KillTimer
GetAsyncKeyState
TranslateMessage
GetMessageW
SetTimer
SetWindowLongW
GetKeyState
GetIconInfo
DestroyIcon
CreateWindowExW
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
DefWindowProcW
SendMessageW
LoadCursorW
WindowFromPoint
SetCapture
SetCursorPos
mouse_event
keybd_event
OpenWindowStationW
GetProcessWindowStation
SetProcessWindowStation
OpenInputDesktop
GetThreadDesktop
SetThreadDesktop
CloseWindowStation
PostMessageA
ShowWindow
DispatchMessageW
PostQuitMessage
ChangeClipboardChain
EndPaint
BeginPaint
SetClipboardViewer
GetSystemMetrics
ExitWindowsEx
wsprintfA
MessageBoxW
wsprintfW
CloseClipboard

gdi32

CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
GdiFlush
BitBlt
GetDeviceCaps
DeleteDC
DeleteObject
GetDIBits
CreateDCW
SelectObject

advapi32

QueryServiceStatusEx
StartServiceW
ChangeServiceConfig2W
CreateServiceW
OpenServiceW
OpenSCManagerW
DeleteService
InitiateSystemShutdownA
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryValueExW
EnumServicesStatusExW
QueryServiceConfigW
QueryServiceConfig2W
ControlService
ChangeServiceConfigW
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegDeleteValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
GetUserNameW
LookupAccountSidW
GetLengthSid
CheckTokenMembership
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserW
RegEnumValueA
ImpersonateLoggedOnUser
RegOpenCurrentUser
RegOverridePredefKey
RevertToSelf
RegEnumValueW
CloseServiceHandle

shell32

ExtractIconExW
CommandLineToArgvW
SHFileOperationW

ole32

CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket
CoUninitialize

oleaut32

VariantClear

odbc32

ord136
ord43
ord13
ord127
ord18
ord61
ord111
ord9
ord141
ord75
ord24
ord171
ord31
ord157
ord2

wtsapi32

WTSEnumerateProcessesW

ws2_32

WSARecvFrom
setsockopt
WSAIoctl
WSASocketA
getsockname
bind
WSASendTo
WSACleanup
WSAGetLastError
WSAStartup
closesocket

Sections

.text
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c27d767145199105470a4c2ae155496e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

odbc32

wtsapi32

ws2_32

Sections

.text Size: 131KB - Virtual size: 130KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 32KB - Virtual size: 47KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 131KB - Virtual size: 130KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 32KB - Virtual size: 47KB

.reloc
Size: 11KB - Virtual size: 11KB