c:\Users\PsychoNation\Desktop\managedwifi-69709\obj\Debug\ManagedWifi.pdb
Overview
overview
10Static
static
10LANC_Remastered.exe
windows10-2004-x64
3LANC_Remastered.exe
windows11-21h2-x64
3ManagedWifi.dll
windows10-2004-x64
1ManagedWifi.dll
windows11-21h2-x64
1PcapDotNet...is.dll
windows10-2004-x64
1PcapDotNet...is.dll
windows11-21h2-x64
1PcapDotNet.Base.dll
windows10-2004-x64
1PcapDotNet.Base.dll
windows11-21h2-x64
1PcapDotNet...ns.dll
windows10-2004-x64
1PcapDotNet...ns.dll
windows11-21h2-x64
1PcapDotNet.Core.dll
windows10-2004-x64
1PcapDotNet.Core.dll
windows11-21h2-x64
1PcapDotNet...ts.dll
windows10-2004-x64
1PcapDotNet...ts.dll
windows11-21h2-x64
1PsychoCodi...me.dll
windows10-2004-x64
1PsychoCodi...me.dll
windows11-21h2-x64
1Behavioral task
behavioral1
Sample
LANC_Remastered.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
1 signatures
1800 seconds
Behavioral task
behavioral2
Sample
LANC_Remastered.exe
Resource
win11-20240508-en
windows11-21h2-x64
1 signatures
1800 seconds
Behavioral task
behavioral3
Sample
ManagedWifi.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
1800 seconds
Behavioral task
behavioral4
Sample
ManagedWifi.dll
Resource
win11-20240508-en
windows11-21h2-x64
0 signatures
1800 seconds
Behavioral task
behavioral5
Sample
PcapDotNet.Analysis.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
0 signatures
1800 seconds
Behavioral task
behavioral6
Sample
PcapDotNet.Analysis.dll
Resource
win11-20240508-en
windows11-21h2-x64
0 signatures
1800 seconds
Behavioral task
behavioral7
Sample
PcapDotNet.Base.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
0 signatures
1800 seconds
Behavioral task
behavioral8
Sample
PcapDotNet.Base.dll
Resource
win11-20240508-en
windows11-21h2-x64
0 signatures
1800 seconds
Behavioral task
behavioral9
Sample
PcapDotNet.Core.Extensions.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
1800 seconds
Behavioral task
behavioral10
Sample
PcapDotNet.Core.Extensions.dll
Resource
win11-20240611-en
windows11-21h2-x64
0 signatures
1800 seconds
Behavioral task
behavioral11
Sample
PcapDotNet.Core.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
1 signatures
1800 seconds
Behavioral task
behavioral12
Sample
PcapDotNet.Core.dll
Resource
win11-20240508-en
windows11-21h2-x64
1 signatures
1800 seconds
Behavioral task
behavioral13
Sample
PcapDotNet.Packets.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
1800 seconds
Behavioral task
behavioral14
Sample
PcapDotNet.Packets.dll
Resource
win11-20240611-en
windows11-21h2-x64
0 signatures
1800 seconds
Behavioral task
behavioral15
Sample
PsychoCoding Theme.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
0 signatures
1800 seconds
Behavioral task
behavioral16
Sample
PsychoCoding Theme.dll
Resource
win11-20240611-en
windows11-21h2-x64
0 signatures
1800 seconds
General
-
Target
LANC_Remastered.zip
-
Size
987KB
-
MD5
c79da30f81db02d0ed7a34df3173266f
-
SHA1
e4d882640ca8816b93400f3b3a6e754cfa124e0c
-
SHA256
5b53bcd42099daacaaa4da84d7a206097e9b6a36ba4debacc8cbdc3807fd7122
-
SHA512
df79788aa1fc453d19877e1ae64b171580aaa97f29f4549efde70c9edef48a3a49979aa195bdac93b82df7daf2d9378dc132e963998fe0474056e0a840708ec9
-
SSDEEP
24576:Zn3T9IanWsN/eDjqZvz8NmVHd/f4Ig2pj1KUcjwqBAmvsEu:ZnOmjYAz8wVZtbjaA2sEu
Score
10/10
Malware Config
Signatures
-
Detected Ploutus loader 1 IoCs
Processes:
resource yara_rule static1/unpack001/LANC_Remastered.exe family_ploutus -
Ploutus family
-
Unsigned PE 8 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/LANC_Remastered.exe unpack001/ManagedWifi.dll unpack001/PcapDotNet.Analysis.dll unpack001/PcapDotNet.Base.dll unpack001/PcapDotNet.Core.Extensions.dll unpack001/PcapDotNet.Core.dll unpack001/PcapDotNet.Packets.dll unpack001/PsychoCoding Theme.dll
Files
-
LANC_Remastered.zip.zip
-
LANC_Remastered.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 124KB - Virtual size: 124KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ManagedWifi.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
mscoree
_CorDllMain
Sections
.text Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
PcapDotNet.Analysis.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mscoree
_CorDllMain
Sections
.text Size: 90KB - Virtual size: 90KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 984B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
PcapDotNet.Base.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
C:\Users\Boaz\TFS\tfs06.codeplex.com\PcapDotNet\PcapDotNet\src\PcapDotNet.Base\obj\Release\PcapDotNet.Base.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 960B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
PcapDotNet.Core.Extensions.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
C:\Users\Boaz\TFS\tfs06.codeplex.com\PcapDotNet\PcapDotNet\src\PcapDotNet.Core.Extensions\obj\Release\PcapDotNet.Core.Extensions.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
PcapDotNet.Core.dll.dll windows:5 windows x86 arch:x86
b0d7e5e2d1863ef226ece143700901c1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
C:\Users\Boaz\TFS\tfs06.codeplex.com\PcapDotNet\PcapDotNet\bin\Release\PcapDotNet.Core.pdb
Imports
msvcr100
__dllonexit
_unlock
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__CppXcptFilter
?what@exception@std@@UBEPBDXZ
_lock
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
??3@YAXPAX@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
_crt_debugger_hook
_except_handler4_common
_amsg_exit
_onexit
__FrameUnwindFilter
_cexit
__CxxQueryExceptionSize
__CxxExceptionFilter
__CxxRegisterExceptionObject
__CxxDetectRethrow
__CxxUnregisterExceptionObject
??2@YAPAXI@Z
_CxxThrowException
memmove
??1exception@std@@UAE@XZ
kernel32
GetCurrentThreadId
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
wpcap
pcap_dispatch
pcap_loop
pcap_sendpacket
pcap_offline_filter
pcap_freecode
pcap_setfilter
pcap_compile
pcap_open_dead
pcap_dump_flush
pcap_dump_ftell
pcap_dump_close
pcap_dump
pcap_dump_open
pcap_sendqueue_alloc
pcap_sendqueue_queue
pcap_sendqueue_destroy
pcap_sendqueue_transmit
pcap_datalink_val_to_name
pcap_datalink_val_to_description
pcap_datalink_name_to_val
pcap_geterr
pcap_lib_version
pcap_setmintocopy
pcap_setbuff
pcap_setnonblock
pcap_getnonblock
pcap_setmode
pcap_set_datalink
pcap_open
pcap_close
pcap_breakloop
pcap_setsampling
pcap_minor_version
pcap_major_version
pcap_is_swapped
pcap_snapshot
pcap_datalink
pcap_stats_ex
pcap_createsrcstr
pcap_findalldevs_ex
pcap_freealldevs
pcap_next_ex
msvcp100
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
mscoree
_CorDllMain
Sections
.text Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 47KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
PcapDotNet.Packets.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
C:\Users\Boaz\TFS\tfs06.codeplex.com\PcapDotNet\PcapDotNet\src\PcapDotNet.Packets\obj\Release\PcapDotNet.Packets.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 151KB - Virtual size: 151KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 944B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
PsychoCoding Theme.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
K:\Work\Themes\PsychoCoding Theme\PsychoCoding Theme\obj\Debug\PsychoCoding Theme.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 94KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 968B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
readme.txt