SHA256: c726abc766688a680a7c4edd519998ccd436149f907cb5bc0df16137b60e73a2
File name: 2017-01-10-Pony-downloader.dll
Detection ratio: 54 / 58
Analysis date: 2017-02-21 05:41:41 UTC ( 3 days, 6 hours ago )
Antivirus Result Update
ALYac Trojan.AgentWDCR.JCD 20170221
AVG PSW.Generic13.THC 20170221
AVware Trojan.Win32.Fareit.j (fs) 20170221
Ad-Aware Trojan.AgentWDCR.JCD 20170221
AegisLab Troj.Psw.W32.Tepfer!c 20170221
AhnLab-V3 Trojan/Win32.Tepfer.C1741957 20170221
Antiy-AVL Trojan[PSW]/Win32.Tepfer 20170221
Arcabit Trojan.AgentWDCR.JCD 20170221
Avast Sf:Crypt-BI [Trj] 20170221
Avira (no cloud) TR/Kryptik.avp.8 20170220
Baidu Win32.Trojan-PSW.Fareit.a 20170221
BitDefender Trojan.AgentWDCR.JCD 20170221
Bkav W32.Clodddf.Trojan.e916 20170220
CAT-QuickHeal TrojanPWS.Fareit 20170220
CMC Trojan-PSW.Win32.Tepfer!O 20170220
ClamAV Win.Trojan.Fareit-403 20170221
Comodo TrojWare.Win32.PWS.Fareit.GS 20170221
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Cyren W32/Fareit.FBBC-2847 20170221
DrWeb Trojan.PWS.Stealer.13052 20170221
ESET-NOD32 Win32/PSW.Fareit.A 20170221
Emsisoft Trojan.AgentWDCR.JCD (B) 20170221
Endgame malicious (high confidence) 20170217
F-Prot W32/Fareit.ANP 20170221
F-Secure Trojan.AgentWDCR.JCD 20170221
Fortinet W32/FAREIT.SMYY!tr 20170221
GData Trojan.AgentWDCR.JCD 20170221
Ikarus Trojan-Spy.Zbot 20170220
Invincea pws.win32.qqpass.gp 20170203
Jiangmin Trojan.PSW.Tepfer.gau 20170221
K7AntiVirus Password-Stealer ( 003bbfec1 ) 20170220
K7GW Password-Stealer ( 003bbfec1 ) 20170220
Kaspersky Trojan-PSW.Win32.Tepfer.gen 20170221
Malwarebytes Spyware.Pony 20170221
McAfee Generic.avw 20170221
McAfee-GW-Edition BehavesLike.Win32.VTFlooder.lh 20170221
eScan Trojan.AgentWDCR.JCD 20170221
Microsoft PWS:Win32/Fareit.gen!E 20170220
NANO-Antivirus Trojan.Win32.Tepfer.ekisnh 20170221
Panda Trj/WLT.C 20170220
Qihoo-360 Win32/Trojan.PSW.c13 20170221
Rising Stealer.Fareit!8.170 (cloud:7RVoaxW3z1T) 20170221
SUPERAntiSpyware Trojan.Agent/Gen 20170220
Sophos Troj/Kryptik-FN 20170221
Symantec Downloader.Ponik 20170220
Tencent Win32.Trojan-qqpass.Qqrob.Afrh 20170221
TrendMicro TSPY_FAREIT.SMYY 20170221
TrendMicro-HouseCall TSPY_FAREIT.SMYY 20170221
VBA32 BScope.Malware-Cryptor.Ponik 20170220
VIPRE Trojan.Win32.Fareit.j (fs) 20170221
ViRobot Trojan.Win32.Z.Fareit.71680.C[h] 20170221
Webroot W32.Fareit 20170221
Yandex Trojan.PSteal.Gen.UL 20170220
Zillya Trojan.Tepfer.Win32.88872 20170220
Alibaba (no detection) 20170221
Kingsoft (no detection) 20170221
TheHacker (no detection) 20170220
Trustlook (no detection) 20170221
WhiteArmor (no detection) 20170215
Zoner (no detection) 20170221
nProtect (no detection) 20170221
The file is a Portable Executable (PE) image; specifically, a 32-bit Win32 DLL linked for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2017-01-09 09:59:07 UTC
Entry Point: 0x0000B89E
Number of sections: 4
PE sections
PE imports (grouped by exporting DLL)
ADVAPI32.dll
RegOpenCurrentUser
RegOpenKeyA
RegCloseKey
GetUserNameA
RegQueryValueExA
RegSetValueExA
IsTextUnicode
RegOpenKeyExA
RegCreateKeyA
RegEnumKeyExA
KERNEL32.dll
CreateToolhelp32Snapshot
GetLastError
Process32First
GetSystemInfo
lstrlenA
GetFileAttributesA
GetPrivateProfileSectionNamesA
LCMapStringA
GetTickCount
GetVersionExA
GlobalUnlock
LoadLibraryA
lstrlenW
Process32Next
GetCurrentProcess
GetCurrentDirectoryA
GetPrivateProfileStringA
GetLocaleInfoA
LocalAlloc
lstrcatA
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
OpenProcess
GlobalLock
CreateMutexA
GetTempPathA
lstrcmpiA
WideCharToMultiByte
MapViewOfFile
GetModuleHandleA
lstrcmpA
ReadFile
SetUnhandledExceptionFilter
lstrcpyA
FindFirstFileA
CloseHandle
CreateFileMappingA
FindNextFileA
ExpandEnvironmentStringsA
LocalFree
TerminateProcess
CreateProcessA
UnmapViewOfFile
WriteFile
SetCurrentDirectoryA
FindClose
Sleep
CreateFileA
ExitProcess
GetProcAddress
GetFileSize
ole32.dll
CreateStreamOnHGlobal
OleInitialize
CoCreateGuid
CoCreateInstance
GetHGlobalFromStream
CoTaskMemFree
SHLWAPI.dll
StrStrA
StrStrIA
StrToIntA
StrRChrIA
StrStrIW
StrCmpNIA
urlmon.dll
ObtainUserAgentString
USER32.dll
SendMessageA
wsprintfA
FindWindowExA
GetClassNameA
SendMessageW
USERENV.dll
LoadUserProfileA
UnloadUserProfile
WININET.dll
InternetCrackUrlA
InternetCreateUrlA
WS2_32.dll
setsockopt
socket
recv
inet_addr
send
WSAStartup
gethostbyname
connect
closesocket
select
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: dll
TimeStamp: 2017:01:09 10:59:07+01:00 (the compilation timestamp above, rendered in a UTC+01:00 local zone)
FileType: Win32 DLL
PEType: PE32
CodeSize: 52736
LinkerVersion: 2.5
EntryPoint: 0xb89e
InitializedDataSize: 19456
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0
File identification
MD5 7625e60d2cddc49ce16e4461ef157da8
SHA1 9a31550a2f8cd438416c235c4c65027cce167a7a
SHA256 c726abc766688a680a7c4edd519998ccd436149f907cb5bc0df16137b60e73a2
ssdeep 1536:apNRe3wVqTbyzvx+qHIstnlOBLdURvvKT/Lpcx:2NEgGqostlOBLdl/L
authentihash ceaa9176fc2ee5d1e00525252f3fa7e8fe72fa1eb19f3c3fdbd1f68338ac0fbe
imphash d6c03f1f7dc2828b2d560500f84ffb7a
File size 70.0 KB ( 71680 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ 4.x (63.9%)
Win32 Executable MS Visual C++ (generic) (14.8%)
Win64 Executable (generic) (13.1%)
Win32 Dynamic Link Library (generic) (3.1%)
Win32 Executable (generic) (2.1%)
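The two PE-level identifiers in the block above, the imphash and the compilation timestamp, are easy to misread without knowing how they are produced. The following is an added example (not code from the VirusTotal report or from the Pony sample) showing the imphash construction as pefile computes it (lowercase "dll.function" pairs in import-table order, MD5 of the comma-joined string) and the decoding of IMAGE_FILE_HEADER.TimeDateStamp to UTC. SAMPLE_IMPORTS is a constructed subset of the import listing on this page, and PONY_TIMESTAMP is the epoch value that decodes to the report's compilation timestamp, not a value read from the DLL; reproducing the report's imphash d6c03f1f7dc2828b2d560500f84ffb7a would require the full import table in its original order, so the hash printed here will not match it.

```python
# Added example, not part of the VirusTotal report or of the Pony sample.
# Shows how two identifiers in the "File identification" block are derived:
# the imphash (MD5 over the normalized import list, as pefile computes it) and
# the PE compilation timestamp (TimeDateStamp, seconds since the Unix epoch).
# SAMPLE_IMPORTS is a constructed subset of the report's import listing; the
# report's imphash d6c03f1f7dc2828b2d560500f84ffb7a needs the complete import
# table in its original order, so the hash computed here will not match it.
import hashlib
from datetime import datetime, timezone

SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "RegOpenCurrentUser"),
    ("ADVAPI32.dll", "RegEnumKeyExA"),
    ("KERNEL32.dll", "CreateToolhelp32Snapshot"),
    ("KERNEL32.dll", "GetPrivateProfileStringA"),
    ("KERNEL32.dll", "CreateMutexA"),
    ("USERENV.dll", "LoadUserProfileA"),
    ("USERENV.dll", "UnloadUserProfile"),
    ("WININET.dll", "InternetCrackUrlA"),
    ("WS2_32.dll", "connect"),
]

def normalize_dll(name):
    """Lowercase the DLL name and drop a .dll/.ocx/.sys extension, the same
    normalization pefile applies before hashing. Any other extension is kept."""
    name = name.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if name.endswith(ext):
            return name[:-len(ext)]
    return name

def imphash_string(imports):
    """Build the canonical 'dll.func,dll.func,...' string. Functions imported
    by ordinal are written as ordN. Order is import-table order, so two
    binaries with the same APIs in a different order hash differently.
    (pefile additionally maps well-known ws2_32/oleaut32 ordinals back to
    names; that lookup table is omitted here.)"""
    parts = []
    for dll, func in imports:
        func = "ord%d" % func if isinstance(func, int) else func.lower()
        parts.append("%s.%s" % (normalize_dll(dll), func))
    return ",".join(parts)

def imphash(imports):
    """MD5 of the canonical import string, as a lowercase hex digest."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()

def pe_timestamp_utc(time_date_stamp):
    """IMAGE_FILE_HEADER.TimeDateStamp -> timezone-aware UTC datetime."""
    return datetime.fromtimestamp(time_date_stamp, tz=timezone.utc)

def pe_timestamp_iso(time_date_stamp):
    """ISO 8601 rendering of the stamp in UTC."""
    return pe_timestamp_utc(time_date_stamp).isoformat()

def same_instant_as_exiftool(time_date_stamp, exif_text):
    """ExifTool prints the stamp in the local zone of the machine it ran on
    (the report shows 2017:01:09 10:59:07+01:00). Compare as instants rather
    than as strings so a one-hour 'mismatch' is not mistaken for tampering."""
    local = datetime.strptime(exif_text, "%Y:%m:%d %H:%M:%S%z")
    return local == pe_timestamp_utc(time_date_stamp)

def compile_to_first_seen_seconds(time_date_stamp, first_seen_utc_text):
    """Seconds from the compile stamp to the first VirusTotal submission
    ('YYYY-MM-DD HH:MM:SS' in UTC). A negative or multi-year value means the
    stamp was forged or the file was very old when first seen; this sample
    was submitted about a day after it was built."""
    first_seen = datetime.strptime(first_seen_utc_text, "%Y-%m-%d %H:%M:%S")
    first_seen = first_seen.replace(tzinfo=timezone.utc)
    return (first_seen - pe_timestamp_utc(time_date_stamp)).total_seconds()

# Epoch value that decodes to the report's compilation timestamp,
# 2017-01-09 09:59:07 UTC (constructed from that date, not read from the DLL).
PONY_TIMESTAMP = 1483955947

if __name__ == "__main__":
    print("imphash over sample subset:", imphash(SAMPLE_IMPORTS))
    print("compiled:", pe_timestamp_iso(PONY_TIMESTAMP))
    print("ExifTool stamp is the same instant:",
          same_instant_as_exiftool(PONY_TIMESTAMP, "2017:01:09 10:59:07+01:00"))
    print("seconds from build to first submission:",
          compile_to_first_seen_seconds(PONY_TIMESTAMP, "2017-01-10 16:59:58"))
```

Two caveats follow from the code: an imphash is only comparable across samples when the full import table is used (a packer or a delay-loaded import changes it), and a compile stamp that precedes the first sighting by about a day, as here, is consistent with a genuine build date but does not prove it, since the field is writable by the author.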
Tags pedll
VirusTotal metadata
First submission 2017-01-10 16:59:58 UTC ( 1 month, 2 weeks ago )
Last submission 2017-02-21 05:41:41 UTC ( 3 days, 6 hours ago )
File names sa72_2017-01-11T00.07.23+0100_10.1.10.107-49258_206.196.99.49-80_7625e60d2cddc49ce16e4461ef157da8_2.dll
pm1.nope
2017-01-10-Pony-downloader.dll
Pony-downloader.dll
output.106156415.txt
pm1.dll