pony | 7d48788255b2d00b291ebe56833a1778_JaffaCakes118 | Triage

Sharing

General

Target

7d48788255b2d00b291ebe56833a1778_JaffaCakes118
Size

34KB
MD5

7d48788255b2d00b291ebe56833a1778
SHA1

35e156ffffcd9b2be8bff9c8ea96f12c6da6af96
SHA256

a1d21de5c2a0cea04c4369ff98d30b3ebdd46f070e4f324e44a2cbdb7151192d
SHA512

ac9ad41fe905ba0db188f1e1adf7708379fc200d23628701e2bee404abad6fa7e34e4cd7fc075c805f92d6aa7ce8a881b9341f265acce4e71a17fb504028edb2
SSDEEP

768:1oxLUQIjTOqmIHXNCJgfyB6o4L7q8ls42aFXRJnfsj7saF1:+xLtEX+B6oCq8C42aFh1f8h1

Score

10^/10

upx pony

Malware Config

Extracted

Family

pony

C2

http://bantil.us/Panel/gate.php

Signatures

Pony family
pony
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

sample upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

Processes:

resource
7d48788255b2d00b291ebe56833a1778_JaffaCakes118
unpack001/out.upx

Files

7d48788255b2d00b291ebe56833a1778_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE