Extracted

• • Target

    e44f517b83d43396d0a1b9dccbcdfa9dfb34d0a976e90b29d87efd7940d325b5

  • Size

    78KB

  • MD5

    c8d9419d7924deaa7dc546ed64806ee6

  • SHA1

    542404287e342fb5b966346b63068ce443e1ef76

  • SHA256

    e44f517b83d43396d0a1b9dccbcdfa9dfb34d0a976e90b29d87efd7940d325b5

  • SHA512

    e3dbaaa2c2b2d44636d314c7e0bc522aa5f8a81de1e73faccfc9a924b0e523cc8603a7c54c0bc69948c83138bbb6bbf5e7267a2f0b8621c24e87cab77d9efba3

  • SSDEEP

    1536:85cD2qEa08n/r3BBqOFkX97B8yL/khtrT6shhoB5:8qD+8nz3BAOm1eyLmlO8M

  Score

  10^/10

  ponycollectionpersistenceratspywarestealerupx

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2