pony | 5828cea9f614955c2cb71a73ef9c2629JaffaCakes118_NeikiAnalytics | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5828cea9f614955c2cb71a73ef9c2629JaffaCakes118_NeikiAnalytics
Size

216KB
MD5

5828cea9f614955c2cb71a73ef9c2629
SHA1

04cee649384b24467e09ffa81574abe246f27fab
SHA256

a11868547992649e227273a1106a3da835fb99f19e75d1572c466615f9504ac5
SHA512

962cd19241b61842dad7ea6c879130904a4b8cdc542bfdff4ea5c6f2704325caafd487eb74482ef13b764d3be61fe998dc15c265350b168e9038a33ccb702f09
SSDEEP

6144:ZAzTxSV9KlLb4EexbojXcWQFq6SnMuGc2EjOnm:WKmQEexbozcWVGc2kO

Score

10^/10

pony

Malware Config

Extracted

Family

pony

C2

http://co58724.tmweb.ru/fav/gate.php

Signatures

Pony family
pony

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5828cea9f614955c2cb71a73ef9c2629JaffaCakes118_NeikiAnalytics

Files

5828cea9f614955c2cb71a73ef9c2629JaffaCakes118_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

476f92c8f9ddbcb805cdc5c61fbc5635

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtContinue

Sections

Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ