pony | Report[.]exe | Triage

Sharing

General

Target

Report.exe
Size

34KB
MD5

3e7da07027a273d289ec506abbe1dce4
SHA1

221e5938e67584c4960859ca42382a5881994a46
SHA256

6739aa28e378b65585a1e2d1c6c414335d93957b89761fb2520e9fbe2b6d7666
SHA512

b64811a7a464d4ff79b1d924ab9f9be8803aeb48ae3ce86623ed638ec47551f91a32eff7b2ab5256e31b4fc5dc379b5950678e9dcb69d531c97785e4aab3ae47
SSDEEP

768:vZDMNVN0xYiKO1K4nVr1WG0HxMLHYdQyYtX551f962FpJ6yXH:vZaUxqP2ptP8Q/551IQJ1XH

Score

10^/10

upx pony

Malware Config

Extracted

Family

pony

C2

http://dapurslkm.co.id/mw/p/gate.php

Attributes

payload_url
http://dapurslkm.co.id/mw/p/micro.exe

Signatures

Pony family
pony

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
Report.exe
unpack001/out.upx

Files

Report.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE