SHA256: c726abc766688a680a7c4edd519998ccd436149f907cb5bc0df16137b60e73a2
File name: 2017-01-10-Pony-downloader.dll
Detection ratio: 56 / 61
Analysis date: 2017-03-15 10:28:44 UTC
Antivirus Result Update
Ad-Aware Trojan.AgentWDCR.JCD 20170315
AegisLab Troj.W32.Gen.lDfK 20170315
AhnLab-V3 Trojan/Win32.Tepfer.C1741957 20170314
ALYac Trojan.AgentWDCR.JCD 20170315
Antiy-AVL Trojan[PSW]/Win32.Tepfer 20170315
Arcabit Trojan.AgentWDCR.JCD 20170315
Avast Sf:Crypt-BI [Trj] 20170315
AVG PSW.Generic13.THC 20170315
Avira (no cloud) TR/Kryptik.avp.8 20170315
AVware Trojan.Win32.Fareit.j (fs) 20170315
Baidu Win32.Trojan-PSW.Fareit.a 20170315
BitDefender Trojan.AgentWDCR.JCD 20170315
Bkav W32.Clodddf.Trojan.e916 20170314
CAT-QuickHeal TrojanPWS.Fareit 20170314
ClamAV Win.Trojan.Fareit-403 20170315
CMC Trojan-PSW.Win32.Tepfer!O 20170315
Comodo TrojWare.Win32.Fareit.~A 20170315
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Cyren W32/Fareit.FBBC-2847 20170315
DrWeb Trojan.PWS.Stealer.13052 20170315
Emsisoft Trojan.AgentWDCR.JCD (B) 20170315
Endgame malicious (high confidence) 20170222
ESET-NOD32 Win32/PSW.Fareit.A 20170315
F-Prot W32/Fareit.ANP 20170315
F-Secure Trojan.AgentWDCR.JCD 20170315
Fortinet W32/FAREIT.SMYY!tr 20170315
GData Win32.Trojan-Stealer.Fareit.AD 20170315
Ikarus Trojan-PSW.Fareit 20170315
Invincea pws.win32.qqpass.gp 20170203
Jiangmin Trojan.PSW.Tepfer.gau 20170315
K7AntiVirus Password-Stealer ( 003bbfec1 ) 20170315
K7GW Password-Stealer ( 003bbfec1 ) 20170315
Kaspersky Trojan-PSW.Win32.Tepfer.gen 20170315
Malwarebytes Spyware.Pony 20170315
McAfee Generic.avw 20170315
McAfee-GW-Edition BehavesLike.Win32.StartPage.lh 20170315
Microsoft PWS:Win32/Fareit.gen!E 20170315
eScan Trojan.AgentWDCR.JCD 20170315
NANO-Antivirus Trojan.Win32.Tepfer.ekisnh 20170315
Palo Alto Networks (Known Signatures) generic.ml 20170315
Panda Trj/WLT.C 20170314
Qihoo-360 Win32/Trojan.PSW.c13 20170315
Rising Stealer.Fareit!8.170 (cloud:7RVoaxW3z1T) 20170315
Sophos Troj/Kryptik-FN 20170315
SUPERAntiSpyware Trojan.Agent/Gen 20170315
Symantec Downloader.Ponik 20170314
Tencent Win32.Trojan-qqpass.Qqrob.Afrh 20170315
TrendMicro TSPY_FAREIT.SMYY 20170315
TrendMicro-HouseCall TSPY_FAREIT.SMYY 20170315
VBA32 BScope.Malware-Cryptor.Ponik 20170315
VIPRE Trojan.Win32.Fareit.j (fs) 20170315
ViRobot Trojan.Win32.Z.Fareit.71680.C[h] 20170315
Webroot W32.Fareit 20170315
Yandex Trojan.PSteal.Gen.UL 20170315
Zillya Trojan.Tepfer.Win32.88872 20170314
ZoneAlarm by Check Point Trojan-PSW.Win32.Tepfer.gen 20170315
Alibaba (no detection) 20170228
Kingsoft (no detection) 20170315
nProtect (no detection) 20170315
TheHacker (no detection) 20170315
TotalDefense (no detection) 20170315
Trustlook (no detection) 20170315
WhiteArmor (no detection) 20170315
Zoner (no detection) 20170315
The file being studied is a Portable Executable (PE) file; more specifically, a 32-bit Windows DLL built for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-01-09 09:59:07
Entry Point 0x0000B89E
Number of sections 4
PE sections
PE imports (grouped by exporting DLL; the groupings follow the standard Windows export location of each API)
ADVAPI32.dll
  RegOpenCurrentUser
  RegOpenKeyA
  RegCloseKey
  GetUserNameA
  RegQueryValueExA
  RegSetValueExA
  IsTextUnicode
  RegOpenKeyExA
  RegCreateKeyA
  RegEnumKeyExA
KERNEL32.dll
  CreateToolhelp32Snapshot
  GetLastError
  Process32First
  GetSystemInfo
  lstrlenA
  GetFileAttributesA
  GetPrivateProfileSectionNamesA
  LCMapStringA
  GetTickCount
  GetVersionExA
  GlobalUnlock
  LoadLibraryA
  lstrlenW
  Process32Next
  GetCurrentProcess
  GetCurrentDirectoryA
  GetPrivateProfileStringA
  GetLocaleInfoA
  LocalAlloc
  lstrcatA
  GetPrivateProfileIntA
  CreateDirectoryA
  DeleteFileA
  GetWindowsDirectoryA
  OpenProcess
  GlobalLock
  CreateMutexA
  GetTempPathA
  lstrcmpiA
  WideCharToMultiByte
  MapViewOfFile
  GetModuleHandleA
  lstrcmpA
  ReadFile
  SetUnhandledExceptionFilter
  lstrcpyA
  FindFirstFileA
  CloseHandle
  CreateFileMappingA
  FindNextFileA
  ExpandEnvironmentStringsA
  LocalFree
  TerminateProcess
  CreateProcessA
  UnmapViewOfFile
  WriteFile
  SetCurrentDirectoryA
  FindClose
  Sleep
  CreateFileA
  ExitProcess
  GetProcAddress
  GetFileSize
ole32.dll
  CreateStreamOnHGlobal
  OleInitialize
  CoCreateGuid
  CoCreateInstance
  GetHGlobalFromStream
  CoTaskMemFree
SHLWAPI.dll
  StrStrA
  StrStrIA
  StrToIntA
  StrRChrIA
  StrStrIW
  StrCmpNIA
urlmon.dll
  ObtainUserAgentString
USER32.dll
  SendMessageA
  wsprintfA
  FindWindowExA
  GetClassNameA
  SendMessageW
USERENV.dll
  LoadUserProfileA
  UnloadUserProfile
WININET.dll
  InternetCrackUrlA
  InternetCreateUrlA
WS2_32.dll
  setsockopt
  socket
  recv
  inet_addr
  send
  WSAStartup
  gethostbyname
  connect
  closesocket
  select
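An import table like the one above is the cheapest static signal a triager has, so here is an added example (not code from VirusTotal or from the sample) that turns the list into two things a practitioner actually uses: a set of capability clusters to drive the dynamic analysis, and the imphash in the form pefile and VirusTotal compute it, so the value can be compared with the report's. The import list is transcribed from the report; the assignment of each function to its exporting DLL is the standard Windows export location and is an assumption where the report itself does not name the DLL; the capability labels are this example's own, not a verdict from the report.

```python
"""Static triage of a PE import list: capability clusters and imphash.

Added example; the DLL grouping and capability names are this example's
assumptions, the function names come from the report above.
"""
import hashlib
from typing import Dict, List, Tuple

# Imports as listed in the report, grouped under the DLL that exports them.
REPORT_IMPORTS_BY_DLL: Dict[str, Tuple[str, ...]] = {
    "ADVAPI32.dll": ("RegOpenCurrentUser", "RegOpenKeyA", "RegCloseKey", "GetUserNameA",
                     "RegQueryValueExA", "RegSetValueExA", "IsTextUnicode", "RegOpenKeyExA",
                     "RegCreateKeyA", "RegEnumKeyExA"),
    "KERNEL32.dll": ("CreateToolhelp32Snapshot", "GetLastError", "Process32First", "GetSystemInfo",
                     "lstrlenA", "GetFileAttributesA", "GetPrivateProfileSectionNamesA",
                     "LCMapStringA", "GetTickCount", "GetVersionExA", "GlobalUnlock", "LoadLibraryA",
                     "lstrlenW", "Process32Next", "GetCurrentProcess", "GetCurrentDirectoryA",
                     "GetPrivateProfileStringA", "GetLocaleInfoA", "LocalAlloc", "lstrcatA",
                     "GetPrivateProfileIntA", "CreateDirectoryA", "DeleteFileA",
                     "GetWindowsDirectoryA", "OpenProcess", "GlobalLock", "CreateMutexA",
                     "GetTempPathA", "lstrcmpiA", "WideCharToMultiByte", "MapViewOfFile",
                     "GetModuleHandleA", "lstrcmpA", "ReadFile", "SetUnhandledExceptionFilter",
                     "lstrcpyA", "FindFirstFileA", "CloseHandle", "CreateFileMappingA",
                     "FindNextFileA", "ExpandEnvironmentStringsA", "LocalFree", "TerminateProcess",
                     "CreateProcessA", "UnmapViewOfFile", "WriteFile", "SetCurrentDirectoryA",
                     "FindClose", "Sleep", "CreateFileA", "ExitProcess", "GetProcAddress",
                     "GetFileSize"),
    "ole32.dll": ("CreateStreamOnHGlobal", "OleInitialize", "CoCreateGuid", "CoCreateInstance",
                  "GetHGlobalFromStream", "CoTaskMemFree"),
    "SHLWAPI.dll": ("StrStrA", "StrStrIA", "StrToIntA", "StrRChrIA", "StrStrIW", "StrCmpNIA"),
    "urlmon.dll": ("ObtainUserAgentString",),
    "USER32.dll": ("SendMessageA", "wsprintfA", "FindWindowExA", "GetClassNameA", "SendMessageW"),
    "USERENV.dll": ("LoadUserProfileA", "UnloadUserProfile"),
    "WININET.dll": ("InternetCrackUrlA", "InternetCreateUrlA"),
    "WS2_32.dll": ("setsockopt", "socket", "recv", "inet_addr", "send", "WSAStartup",
                   "gethostbyname", "connect", "closesocket", "select"),
}
REPORT_IMPORTS: List[Tuple[str, str]] = [
    (dll, func) for dll, funcs in REPORT_IMPORTS_BY_DLL.items() for func in funcs
]

# Capability clusters (this example's own labels) keyed to the APIs that imply them.
CAPABILITIES: Dict[str, Tuple[str, ...]] = {
    "process enumeration": ("CreateToolhelp32Snapshot", "Process32First", "Process32Next", "OpenProcess"),
    "process launch/kill": ("CreateProcessA", "TerminateProcess", "ExitProcess"),
    "registry read/write": ("RegOpenKeyA", "RegOpenKeyExA", "RegQueryValueExA", "RegSetValueExA",
                            "RegCreateKeyA", "RegEnumKeyExA"),
    "other users' hives": ("RegOpenCurrentUser", "LoadUserProfileA", "UnloadUserProfile"),
    "INI/config parsing": ("GetPrivateProfileStringA", "GetPrivateProfileIntA",
                           "GetPrivateProfileSectionNamesA"),
    "file system walk": ("FindFirstFileA", "FindNextFileA", "FindClose", "MapViewOfFile"),
    "raw TCP networking": ("WSAStartup", "socket", "connect", "send", "recv", "gethostbyname"),
    "URL handling / user agent": ("InternetCrackUrlA", "InternetCreateUrlA", "ObtainUserAgentString"),
    "single-instance mutex": ("CreateMutexA",),
    "dynamic API resolution": ("LoadLibraryA", "GetProcAddress"),
}

# API families whose absence is itself informative for the sandbox run.
ABSENT_FAMILIES: Dict[str, Tuple[str, ...]] = {
    "WinINet HTTP": ("InternetOpenA", "InternetOpenW", "HttpOpenRequestA", "HttpSendRequestA"),
    "WinHTTP": ("WinHttpOpen", "WinHttpSendRequest"),
    "CryptoAPI": ("CryptAcquireContextA", "CryptEncrypt", "CryptDecrypt", "CryptHashData"),
}


def triage(imports: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Return each capability cluster with the imported APIs that support it."""
    present = {func for _, func in imports}
    return {cap: [a for a in apis if a in present]
            for cap, apis in CAPABILITIES.items() if any(a in present for a in apis)}


def notable_absences(imports: List[Tuple[str, str]]) -> List[str]:
    """Families with no member imported, e.g. raw sockets but no HTTP library."""
    present = {func for _, func in imports}
    return [fam for fam, apis in ABSENT_FAMILIES.items() if not any(a in present for a in apis)]


def imphash_string(imports: List[Tuple[str, str]]) -> str:
    """The pre-hash string pefile builds: 'dllbase.func' lowercased, comma-joined, in IAT order."""
    parts = []
    for dll, func in imports:
        base = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):  # pefile strips exactly these extensions
            if base.endswith(ext):
                base = base[: -len(ext)]
                break
        parts.append(f"{base}.{func.lower()}")
    return ",".join(parts)


def imphash(imports: List[Tuple[str, str]]) -> str:
    """MD5 of imphash_string(); order-sensitive, so a rebuilt or packed IAT changes it."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    for cap, apis in triage(REPORT_IMPORTS).items():
        print(f"{cap:28s} {', '.join(apis)}")
    print("absent:", ", ".join(notable_absences(REPORT_IMPORTS)))
    print("imphash:", imphash(REPORT_IMPORTS))
```

Two caveats for reading the output. The value printed by `imphash()` equals the report's imphash only if the DLL assignment and function order above match the binary's import directory exactly; this example does not assert that, and on a real file you should compute it with `pefile.PE(path).get_imphash()` rather than from a transcription. Second, the absence of WinINet/WinHTTP request APIs next to a full set of `ws2_32` calls suggests hand-rolled HTTP over raw sockets, so network capture rather than WinINet-layer hooks is the place to look for its traffic; that is an inference from the imports, not something the report states.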
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: dll
TimeStamp: 2017:01:09 10:59:07+01:00
FileType: Win32 DLL
PEType: PE32
CodeSize: 52736
LinkerVersion: 2.5
EntryPoint: 0xb89e
InitializedDataSize: 19456
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0
File identification
MD5 7625e60d2cddc49ce16e4461ef157da8
SHA1 9a31550a2f8cd438416c235c4c65027cce167a7a
SHA256 c726abc766688a680a7c4edd519998ccd436149f907cb5bc0df16137b60e73a2
ssdeep 1536:apNRe3wVqTbyzvx+qHIstnlOBLdURvvKT/Lpcx:2NEgGqostlOBLdl/L
authentihash ceaa9176fc2ee5d1e00525252f3fa7e8fe72fa1eb19f3c3fdbd1f68338ac0fbe
imphash d6c03f1f7dc2828b2d560500f84ffb7a
File size 70.0 KB ( 71680 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID
  Win32 Executable MS Visual C++ 4.x (63.9%)
  Win32 Executable MS Visual C++ (generic) (14.8%)
  Win64 Executable (generic) (13.1%)
  Win32 Dynamic Link Library (generic) (3.1%)
  Win32 Executable (generic) (2.1%)
Tags pedll

VirusTotal metadata
First submission 2017-01-10 16:59:58 UTC
Last submission 2017-03-15 10:28:44 UTC
File names
  sa72_2017-01-11T00.07.23+0100_10.1.10.107-49258_206.196.99.49-80_7625e60d2cddc49ce16e4461ef157da8_2.dll
  pm1.nope
  2017-01-10-Pony-downloader.dll
  Pony-downloader.dll
  output.106156415.txt
  pm1.dll