pony | c14bc8a9d793564c90f036373dc9265f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c14bc8a9d793564c90f036373dc9265f_JaffaCakes118
Size

2.2MB
MD5

c14bc8a9d793564c90f036373dc9265f
SHA1

4fc8c85a8b05b8486763d4fd664c79617ad19d3f
SHA256

2809fb6e5f448c47aa9795d5c7ea09f58b3d77f144951f2e1af2976e9c12a8e9
SHA512

2df0a80ac831bbeb1334b235c5e7efeb7a44bec7c54cd1f6998fa90914c40dd111fe9cd7c30155b8f4f965248860630c5c281ff9fd35e531ea8b961abe7a6ad7
SSDEEP

24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZX:0UzeyQMS4DqodCnoe+iitjWwwL

Score

10^/10

pony

Malware Config

Extracted

Family

pony

C2

http://don.service-master.eu/gate.php

Attributes

payload_url
http://don.service-master.eu/shit.exe

Signatures

Pony family
pony

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c14bc8a9d793564c90f036373dc9265f_JaffaCakes118

Files

c14bc8a9d793564c90f036373dc9265f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 433KB - Virtual size: 432KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ