824c0546ae0a21a769833c2467b5541e1424c2693c86bd0cad5b2894ae3c2b01 | Triage

Submit
Reports

Overview

overview

Static

static

824c0546ae...01.exe

windows7-x64

824c0546ae...01.exe

windows10-2004-x64

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

824c0546ae0a21a769833c2467b5541e1424c2693c86bd0cad5b2894ae3c2b01.exe

Resource

win7-20221111-en

pony collection discovery rat spyware stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

824c0546ae0a21a769833c2467b5541e1424c2693c86bd0cad5b2894ae3c2b01.exe

Resource

win10v2004-20221111-en

pony collection discovery rat spyware stealer

windows10-2004-x64

8 signatures

150 seconds

General

Target

824c0546ae0a21a769833c2467b5541e1424c2693c86bd0cad5b2894ae3c2b01
Size

119KB
MD5

1b9b45d244836cdcbbab796caa841440
SHA1

179350955404485e4bc2f95eb8b61c39889b0efc
SHA256

824c0546ae0a21a769833c2467b5541e1424c2693c86bd0cad5b2894ae3c2b01
SHA512

39c399a098d6760c2384dc5891d5d45bd529e0a3e7bc181f7973cb08c50c34de593325fad1df80287f507283bb1c6dff329170c750c43374a0b0db109fb42b54
SSDEEP

3072:NuarYe1tANQ3mthdF615AqqMtpZxHZIt11:TR1mGoH615AWhx5I

Score

N/A

Malware Config

Signatures

Files

824c0546ae0a21a769833c2467b5541e1424c2693c86bd0cad5b2894ae3c2b01
.exe windows x86

884a377543fae05b914841c4cee78d68

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
GetLogicalDrives
GetStringTypeW
InterlockedIncrement
Sleep
LoadLibraryA
GetLongPathNameA
WaitForSingleObject
GetCurrentDirectoryA
FindResourceW
GetDiskFreeSpaceW
GetPrivateProfileIntA
lstrcpyW
GetDiskFreeSpaceW
lstrcmpA
ReadFileEx
Heap32First
GetModuleHandleW
SetEnvironmentVariableA
GetPrivateProfileSectionA
HeapCreate
GetExitCodeProcess
GetPrivateProfileIntA

apphelp

SdbCreateMsiTransformFile
AllowPermLayer
ApphelpCheckExe
ApphelpCheckIME

clbcatq

SetupOpen
ComPlusMigrate
CheckMemoryGates
DllGetClassObject
SetSetupSave
DllGetClassObject
ComPlusMigrate
SetupOpen
SetupOpen
CheckMemoryGates
ComPlusMigrate
CheckMemoryGates
SetSetupSave

version

VerFindFileA

Sections

.text
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

© 2018-2025

Terms | Privacy