Extracted

• • Target

    36360ea88102066e3c52c052b5c68991_JaffaCakes118

  • Size

    2.6MB

  • MD5

    36360ea88102066e3c52c052b5c68991

  • SHA1

    4c7d7fab23aeee07d265e89d42c2bf174d5ae221

  • SHA256

    e42fabfd0e9a23c0c9280dac1c34ac0cd55893570c354a688e27b631c8d47664

  • SHA512

    7a68267ec647885bff35b86f05e44cfbad44c9117d21017e7807f2052d6c00513e5de446909bb8164268bc50e457aba2450e615d1957b72437e7030a0ba99f00

  • SSDEEP

    49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrlG:86SIROiFJiwp0xlrlG

  Score

  10^/10

  ponyevasionpersistenceratspywarestealer

  • Modifies WinLogon for persistence

    persistence

  • Modifies visiblity of hidden/system files in Explorer

    evasion

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Modifies Installed Components in the registry

    persistence

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2