Field | Value
---|---
File name | #108 Shipping Doc.rar
Full analysis | https://app.any.run/tasks/9448f95f-e254-4b4a-9be0-880fa6df48ee
Verdict | Malicious activity
Threats | Pony is malware with two main functions: stealing information (chiefly stored credentials) and dropping other malware with different tasks onto infected machines. It has been around since 2011, and it still actively targets users in Europe and America.
Analysis date | June 18, 2019, 22:04:38
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags | 
Indicators | 
MIME | application/x-rar
File info | RAR archive data, v4, os: Win32
MD5 | 08266184B40EBF7E17365D6B0031A1E5
SHA1 | C921E774A0497C52EC8E9A5FB2D1DD11CB1DAD87
SHA256 | 8A49C3EA40BB73813C234D7F28ED3427AFBA0916FD530F2F8EC4659A25B7A0C3
SSDEEP | 24576:ljl680PYlrYmoVMKPSLHb14W9uD9RBFN+UX:xl680PYlrGVMKIR6DBmUX
Extension | Description | Match (%)
---|---|---
.rar | RAR compressed archive (v-4.x) | 58.3
.rar | RAR compressed archive (gen) | 41.6
Archive metadata | Value
---|---
CompressedSize | 855288
UncompressedSize | 1574912
OperatingSystem | Win32
ModifyDate | 2019:06:18 22:26:24
PackingMethod | Normal
ArchivedFileName | #108 Shipping Doc.exe
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
3612 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Downloads\#108 Shipping Doc.rar" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe
User: admin, Company: Alexander Roshal, Integrity Level: MEDIUM, Description: WinRAR archiver, Exit code: 0, Version: 5.60.0 | | | |
2504 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3612.272\#108 Shipping Doc.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3612.272\#108 Shipping Doc.exe | — | WinRAR.exe
User: admin, Company: where, Integrity Level: MEDIUM, Description: quickassist, Exit code: 0, Version: 2.674.283.480 | | | |
2148 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3612.272\#108 Shipping Doc.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3612.272\#108 Shipping Doc.exe | — | #108 Shipping Doc.exe
User: admin, Company: where, Integrity Level: MEDIUM, Description: quickassist, Exit code: 0, Version: 2.674.283.480 | | | |
2616 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3612.272\#108 Shipping Doc.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3612.272\#108 Shipping Doc.exe | — | #108 Shipping Doc.exe
User: admin, Company: where, Integrity Level: MEDIUM, Description: quickassist, Exit code: none recorded, Version: 2.674.283.480 | | | |
PID | Process | Filename | Type
---|---|---|---
3612 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3612.272\#108 Shipping Doc.exe | executable
MD5: 9EF6075CE2C7E82160AD2E66BA278C08, SHA256: 9DFD30132AC453AFCD330685A8FE43D9174487F4A3B0D8E7A4BF99E5AD4C4A4D | | |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2616 | #108 Shipping Doc.exe | POST | — | 161.117.89.24:80 | http://vman23.com/ab4/gate.php | SG | — | — | unknown |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
— | — | 161.117.89.24:80 | vman23.com | — | SG | unknown |
Domain | IP | Reputation
---|---|---
vman23.com | 161.117.89.24 | unknown
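The process and HTTP tables above describe a chain that a detection engineer can encode directly. The Python below is an added example written for this page, not ANY.RUN's code and not part of the report: it rebuilds the process chain from the rows above and flags the three behaviours the tables show together (an .exe run straight out of WinRAR's temporary extraction folder, a binary that re-executes its own image, and the surviving copy that POSTs to a gate.php URL), returning the reasons per PID. The parent PIDs of the second and third copies (2504 -> 2148 -> 2616) are assumed from the chain order, since the report names parents by image only; the regexes, rule wording and the `analyze` function are this example's own.

```python
"""Added example for the ANY.RUN report above (not the sandbox's own code).

Rebuilds the process chain from the report's process table, correlates it
with the HTTP table, and returns the rule hits per PID.
"""
import re
from urllib.parse import urlsplit

# Process rows copied from the report: (pid, image path, parent pid, exit code).
# The report lists parents by image name only; the parent PIDs of 2148 and
# 2616 are assumed so that the three copies form one chain 2504 -> 2148 -> 2616.
# 2616 has no exit code recorded in the report, hence None.
PROCESSES = [
    (3612, r"C:\Program Files\WinRAR\WinRAR.exe", None, 0),
    (2504, r"C:\Users\admin\AppData\Local\Temp\Rar$EXa3612.272\#108 Shipping Doc.exe", 3612, 0),
    (2148, r"C:\Users\admin\AppData\Local\Temp\Rar$EXa3612.272\#108 Shipping Doc.exe", 2504, 0),
    (2616, r"C:\Users\admin\AppData\Local\Temp\Rar$EXa3612.272\#108 Shipping Doc.exe", 2148, None),
]

# HTTP row copied from the report: (pid, method, url).
HTTP_EVENTS = [
    (2616, "POST", "http://vman23.com/ab4/gate.php"),
]

# WinRAR extracts a double-clicked archive member to %TEMP%\Rar$EX<pid>.<n>\ .
RAR_TEMP = re.compile(r"\\Temp\\Rar\$EX\w*\.\d+\\", re.IGNORECASE)
# Loose heuristic for the Pony-style check-in seen in the report: a POST whose
# URL path ends in gate.php. Combine with host/IP before using it for blocking.
GATE_PATH = re.compile(r"/gate\.php$", re.IGNORECASE)


def self_spawn_depth(by_pid, pid):
    """Number of consecutive ancestors that run the same image path as pid."""
    path, ppid = by_pid[pid][0], by_pid[pid][1]
    depth = 0
    while ppid in by_pid and by_pid[ppid][0].lower() == path.lower():
        depth += 1
        ppid = by_pid[ppid][1]
    return depth


def analyze(processes, http_events):
    """Return {pid: [reasons]} for every process that trips at least one rule."""
    by_pid = {pid: (path, ppid, code) for pid, path, ppid, code in processes}
    alerts = {}

    def flag(pid, reason):
        alerts.setdefault(pid, []).append(reason)

    for pid, (path, _, code) in by_pid.items():
        if RAR_TEMP.search(path) and path.lower().endswith(".exe"):
            flag(pid, "executable launched from WinRAR temp extraction folder")
        depth = self_spawn_depth(by_pid, pid)
        if depth >= 1:
            flag(pid, f"re-executed its own image ({depth} ancestor(s) with the same path)")
        if depth >= 1 and code is None:
            flag(pid, "last copy in the self-spawn chain, no exit code recorded")

    for pid, method, url in http_events:
        parts = urlsplit(url)
        if method.upper() == "POST" and GATE_PATH.search(parts.path):
            flag(pid, f"POST to {parts.hostname}{parts.path} (gate.php check-in)")
    return alerts


if __name__ == "__main__":
    for pid, reasons in analyze(PROCESSES, HTTP_EVENTS).items():
        for reason in reasons:
            print(f"PID {pid}: {reason}")
```

Running `analyze(PROCESSES, HTTP_EVENTS)` flags 2504, 2148 and 2616; only 2616 collects all four reasons, which agrees with the HTTP table attributing the POST to that PID. The first copy (2504) trips only the extraction-folder rule, so on its own that rule is a low-confidence signal: plenty of benign installers are opened the same way, and the value comes from the chain and the outbound POST seen together.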