pony | ddd190542c7800b86fc85fcc00af5201_JaffaCakes118

General

Target

ddd190542c7800b86fc85fcc00af5201_JaffaCakes118
Size

3.0MB
MD5

ddd190542c7800b86fc85fcc00af5201
SHA1

147a227511a301bd4959c560039462a2a70f53f3
SHA256

f9134d27ebcf150b1da4d86b1e5bf9aaf9189e5418aa0e320a1babca29e670d8
SHA512

eba0763751b4aeff198231b60a47cb8ea9419effa055aca1419c2fdeae674d77dd4837fec128e7fdce53024a8e8538f0739046cb442918dce777d2b726ac6907
SSDEEP

6144:Kdw+lZ561GURJScfuxaYFgqITasezjwFBGGSt9OjEIqWVva8jOHm0SnMuGc2vExn:KddlHUS7veaFzeYFtRqVxOOGc2l

Score

10^/10

pony

Malware Config

Extracted

Family

pony

C2

http://singatradeing.com/luoyandong/coreserver/gate.php

Attributes

payload_url
http://singatradeing.com/luoyandong/coreserver/shit.exe

Signatures

Pony family
pony

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ddd190542c7800b86fc85fcc00af5201_JaffaCakes118

Files

ddd190542c7800b86fc85fcc00af5201_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7d695bc7d60be0f0c765c470e5c9414d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaCyMul
__vbaStrVarMove
ord695
ord589
__vbaFreeVarList
__vbaVarIdiv
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
ord660
__vbaSetSystemError
ord661
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
ord631
ord525
__vbaChkstk
ord526
EVENT_SINK_AddRef
__vbaStrCmp
__vbaVarTstEq
__vbaPrintObj
DllFunctionCall
_adj_fpatan
__vbaLateIdCallLd
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
_CIlog
__vbaErrorOverflow
ord646
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord681
__vbaFreeStrList
ord575
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaI4Var
ord610
__vbaLateMemCall
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
ord612
__vbaStrComp
__vbaFpI4
_CIatan
__vbaStrMove
ord540
_allmul
ord544
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

7d695bc7d60be0f0c765c470e5c9414d

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 20KB - Virtual size: 19KB

.text
Size: 3.0MB - Virtual size: 3.0MB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 20KB - Virtual size: 19KB