pony | d6a697feaf92299019789d1ef4d41fee2190be8f78481cd5fd83d4f5438aff9f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d6a697feaf92299019789d1ef4d41fee2190be8f78481cd5fd83d4f5438aff9f
Size

31KB
MD5

3692db621fa21c7d2f3b1e180625f51c
SHA1

4de1a66eff0c6dc47f730d6f64c77991cc1a5014
SHA256

d6a697feaf92299019789d1ef4d41fee2190be8f78481cd5fd83d4f5438aff9f
SHA512

ff46afd528defceec020a028ab5599f6b79996e8207ae23ca4dd1a4e9b1f0b3e22b5b217a72c2bdd45d32e07f4cd4ca48f7c40648d8f15be3da3a3a4e881c700
SSDEEP

768:Qd7z0kGLxYwi9tr5qEdDEV7CVKSAm0llwPU1fUMyZlNT5F:W5GLli9ttRdAXS3sKPUhWH

Score

10^/10

upx pony

Malware Config

Extracted

Family

pony

C2

http://andex.biz/pic/indexc.php

Signatures

Pony family
pony

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

d6a697feaf92299019789d1ef4d41fee2190be8f78481cd5fd83d4f5438aff9f
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE