pony | 36fd09cdb51e701f7affabecc456d5b73b8dbe486b7d8fe9f4775597f77f5eccN[.]exe

General

Target

36fd09cdb51e701f7affabecc456d5b73b8dbe486b7d8fe9f4775597f77f5eccN.exe
Size

152KB
MD5

26bdcc74b18322fb4515a6577424f610
SHA1

268f0a76e7ab0f8225454fab9bfe37f8add6e1f0
SHA256

36fd09cdb51e701f7affabecc456d5b73b8dbe486b7d8fe9f4775597f77f5ecc
SHA512

3ca865614a98b5cbc937e9ecb53ad8a1868a00c55b1c61ee82d6577aeef27a91e1c645f19edd830d3bcca0cd39e7d96b8acc8eb82d5ba0fbaab6c40a7ae4fc79
SSDEEP

3072:OlcucIca/MVHaOtU7ST2/reD5Koutkc53u:OlcXIca/M0OtGx/r+5KoSkE+

Score

10^/10

upx pony

Malware Config

Extracted

Family

pony

C2

http://chipservice.by/includes/phpmailer/red.php

http://avtoritet13.ru/catalog/model/tool/red.php

http://autopodval.ru/catalog/model/module/red.php

http://www.brevna.ru/search/map/red.php

http://pinek.ru/priceManager/doc/red.php

http://svitaliyo.atservers.net/packages/red.php

http://bryanosti.ru/modules/book/red.php

http://kit.ucoz.com/html/bbn.dat

http://interlude.ucoz.com/bbcodes/bbn.dat

http://interlude.ucoz.com/images/bbn.dat

http://cs-clan-ak47.ucoz.ru/_fr/bbn.dat

Signatures

Pony family
pony

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36fd09cdb51e701f7affabecc456d5b73b8dbe486b7d8fe9f4775597f77f5eccN.exe

Files

36fd09cdb51e701f7affabecc456d5b73b8dbe486b7d8fe9f4775597f77f5eccN.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 98KB - Virtual size: 184KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: 98KB - Virtual size: 184KB

UPX1 Size: 33KB - Virtual size: 36KB

.rsrc Size: 18KB - Virtual size: 100KB

.imports Size: 2KB - Virtual size: 4KB

UPX0
Size: 98KB - Virtual size: 184KB

UPX1
Size: 33KB - Virtual size: 36KB

.rsrc
Size: 18KB - Virtual size: 100KB

.imports
Size: 2KB - Virtual size: 4KB