SHA256: c726abc766688a680a7c4edd519998ccd436149f907cb5bc0df16137b60e73a2
File name: pm1.dll
Detection ratio: 58 / 61
Analysis date: 2017-07-02 01:25:18 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.AgentWDCR.JCD 20170702
AegisLab Troj.Psw.W32.Tepfer!c 20170702
AhnLab-V3 Trojan/Win32.Tepfer.C1741957 20170701
ALYac Trojan.AgentWDCR.JCD 20170702
Antiy-AVL Trojan[PSW]/Win32.Tepfer 20170630
Arcabit Trojan.AgentWDCR.JCD 20170702
Avast Sf:Crypt-BI [Trj] 20170701
AVG Sf:Crypt-BI [Trj] 20170701
Avira (no cloud) TR/Kryptik.avp.8 20170701
AVware Trojan.Win32.Fareit.j (fs) 20170701
Baidu Win32.Trojan-PSW.Fareit.a 20170630
BitDefender Trojan.AgentWDCR.JCD 20170701
Bkav W32.Clodddf.Trojan.e916 20170701
CAT-QuickHeal TrojanPWS.Fareit 20170701
ClamAV Win.Trojan.Fareit-403 20170701
CMC Trojan-PSW.Win32.Tepfer!O 20170701
Comodo TrojWare.Win32.Fareit.~A 20170702
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170420
Cyren W32/Fareit.FBBC-2847 20170701
DrWeb Trojan.PWS.Stealer.13052 20170701
Emsisoft Trojan.AgentWDCR.JCD (B) 20170701
Endgame malicious (high confidence) 20170629
ESET-NOD32 Win32/PSW.Fareit.A 20170701
F-Prot W32/Fareit.ANP 20170702
F-Secure Trojan:W32/Fareit.I 20170701
Fortinet W32/FAREIT.SMYY!tr 20170629
GData Win32.Trojan-Stealer.Fareit.AD 20170701
Ikarus Trojan-PSW.Fareit 20170701
Sophos ML heuristic 20170607
Jiangmin Trojan.PSW.Tepfer.gau 20170701
K7AntiVirus Password-Stealer ( 003bbfec1 ) 20170701
K7GW Password-Stealer ( 003bbfec1 ) 20170702
Kaspersky Trojan-PSW.Win32.Tepfer.gen 20170702
Malwarebytes Spyware.Pony 20170701
McAfee Generic.avw 20170701
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.lh 20170701
Microsoft PWS:Win32/Fareit.gen!E 20170701
eScan Trojan.AgentWDCR.JCD 20170702
NANO-Antivirus Trojan.Win32.Tepfer.ekisnh 20170701
Palo Alto Networks (Known Signatures) generic.ml 20170702
Panda Trj/WLT.C 20170701
Qihoo-360 Win32/Trojan.PSW.c13 20170702
Rising Trojan.Win32.Fareit.to (ktse) 20170701
SentinelOne (Static ML) static engine - malicious 20170516
Sophos AV Troj/Kryptik-FN 20170702
SUPERAntiSpyware Trojan.Agent/Gen 20170701
Symantec Downloader.Ponik!gm 20170701
Tencent Win32.Trojan-qqpass.Qqrob.Afrh 20170702
TrendMicro TSPY_FAREIT.SMYY 20170702
TrendMicro-HouseCall TSPY_FAREIT.SMYY 20170702
VBA32 BScope.Malware-Cryptor.Ponik 20170630
VIPRE Trojan.Win32.Fareit.j (fs) 20170701
ViRobot Trojan.Win32.Z.Fareit.71680.C 20170701
Webroot W32.Fareit 20170702
Yandex Trojan.PSteal.Gen.UL 20170630
Zillya Trojan.Tepfer.Win32.88872 20170701
ZoneAlarm by Check Point Trojan-PSW.Win32.Tepfer.gen 20170702
Zoner Trojan.Fareit 20170702
Alibaba (no detection) 20170701
Kingsoft (no detection) 20170702
nProtect (no detection) 20170702
Symantec Mobile Insight (no detection) 20170630
TheHacker (no detection) 20170628
Trustlook (no detection) 20170702
WhiteArmor (no detection) 20170627
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-01-09 09:59:07
Entry Point 0x0000B89E
Number of sections 4
PE sections
PE imports (grouped by exporting library; library names inferred from the API names)
ADVAPI32.dll
RegOpenCurrentUser
RegOpenKeyA
RegCloseKey
GetUserNameA
RegQueryValueExA
RegSetValueExA
IsTextUnicode
RegOpenKeyExA
RegCreateKeyA
RegEnumKeyExA
KERNEL32.dll
CreateToolhelp32Snapshot
GetLastError
Process32First
GetSystemInfo
lstrlenA
GetFileAttributesA
GetPrivateProfileSectionNamesA
LCMapStringA
GetTickCount
GetVersionExA
GlobalUnlock
LoadLibraryA
lstrlenW
Process32Next
GetCurrentProcess
GetCurrentDirectoryA
GetPrivateProfileStringA
GetLocaleInfoA
LocalAlloc
lstrcatA
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
OpenProcess
GlobalLock
CreateMutexA
GetTempPathA
lstrcmpiA
WideCharToMultiByte
MapViewOfFile
GetModuleHandleA
lstrcmpA
ReadFile
SetUnhandledExceptionFilter
lstrcpyA
FindFirstFileA
CloseHandle
CreateFileMappingA
FindNextFileA
ExpandEnvironmentStringsA
LocalFree
TerminateProcess
CreateProcessA
UnmapViewOfFile
WriteFile
SetCurrentDirectoryA
FindClose
Sleep
CreateFileA
ExitProcess
GetProcAddress
GetFileSize
ole32.dll
CreateStreamOnHGlobal
OleInitialize
CoCreateGuid
CoCreateInstance
GetHGlobalFromStream
CoTaskMemFree
SHLWAPI.dll
StrStrA
StrStrIA
StrToIntA
StrRChrIA
StrStrIW
StrCmpNIA
urlmon.dll
ObtainUserAgentString
USER32.dll
SendMessageA
wsprintfA
FindWindowExA
GetClassNameA
SendMessageW
USERENV.dll
LoadUserProfileA
UnloadUserProfile
WININET.dll
InternetCrackUrlA
InternetCreateUrlA
WS2_32.dll
setsockopt
socket
recv
inet_addr
send
WSAStartup
gethostbyname
connect
closesocket
select
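What the import table implies is easier to see once the names are bucketed by capability: Toolhelp process enumeration, a registry sweep that starts from the current user's hive, LoadUserProfileA to mount other users' hives, GetPrivateProfile* for INI-style credential stores, a raw ws2_32 TCP client, and ObtainUserAgentString without any WinINet request API, which is consistent with a hand-rolled HTTP POST. The following triage script is an added example, not part of the VirusTotal report or of the sample: it embeds the import list from the report (the grouping by library is ours; the report lists the names flat), scores it against capability buckets chosen for a suspected credential stealer, lists the WinINet request APIs that are absent, and computes an imphash over the embedded grouping with the pefile algorithm. That imphash equals the report's d6c03f1f7dc2828b2d560500f84ffb7a only if the grouping and order match the real import directory, which the listing alone cannot confirm, so the script does not assume it.

```python
import hashlib

# Import table copied from the report above, bucketed by the library that
# exports each API. The library grouping is ours (the report lists the names
# flat); the order inside each library follows the report.
IMPORTS = {
    "ADVAPI32.dll": [
        "RegOpenCurrentUser", "RegOpenKeyA", "RegCloseKey", "GetUserNameA",
        "RegQueryValueExA", "RegSetValueExA", "IsTextUnicode", "RegOpenKeyExA",
        "RegCreateKeyA", "RegEnumKeyExA"],
    "KERNEL32.dll": [
        "CreateToolhelp32Snapshot", "GetLastError", "Process32First", "GetSystemInfo",
        "lstrlenA", "GetFileAttributesA", "GetPrivateProfileSectionNamesA",
        "LCMapStringA", "GetTickCount", "GetVersionExA", "GlobalUnlock", "LoadLibraryA",
        "lstrlenW", "Process32Next", "GetCurrentProcess", "GetCurrentDirectoryA",
        "GetPrivateProfileStringA", "GetLocaleInfoA", "LocalAlloc", "lstrcatA",
        "GetPrivateProfileIntA", "CreateDirectoryA", "DeleteFileA",
        "GetWindowsDirectoryA", "OpenProcess", "GlobalLock", "CreateMutexA",
        "GetTempPathA", "lstrcmpiA", "WideCharToMultiByte", "MapViewOfFile",
        "GetModuleHandleA", "lstrcmpA", "ReadFile", "SetUnhandledExceptionFilter",
        "lstrcpyA", "FindFirstFileA", "CloseHandle", "CreateFileMappingA",
        "FindNextFileA", "ExpandEnvironmentStringsA", "LocalFree", "TerminateProcess",
        "CreateProcessA", "UnmapViewOfFile", "WriteFile", "SetCurrentDirectoryA",
        "FindClose", "Sleep", "CreateFileA", "ExitProcess", "GetProcAddress",
        "GetFileSize"],
    "ole32.dll": [
        "CreateStreamOnHGlobal", "OleInitialize", "CoCreateGuid", "CoCreateInstance",
        "GetHGlobalFromStream", "CoTaskMemFree"],
    "SHLWAPI.dll": [
        "StrStrA", "StrStrIA", "StrToIntA", "StrRChrIA", "StrStrIW", "StrCmpNIA"],
    "urlmon.dll": ["ObtainUserAgentString"],
    "USER32.dll": [
        "SendMessageA", "wsprintfA", "FindWindowExA", "GetClassNameA", "SendMessageW"],
    "USERENV.dll": ["LoadUserProfileA", "UnloadUserProfile"],
    "WININET.dll": ["InternetCrackUrlA", "InternetCreateUrlA"],
    "WS2_32.dll": [
        "setsockopt", "socket", "recv", "inet_addr", "send", "WSAStartup",
        "gethostbyname", "connect", "closesocket", "select"],
}

# Capability buckets an analyst checks when triaging a suspected credential
# stealer. The bucket names and membership are our choice, not VirusTotal's.
CAPABILITIES = {
    "process enumeration": {"CreateToolhelp32Snapshot", "Process32First",
                            "Process32Next", "OpenProcess"},
    "registry sweep from HKCU": {"RegOpenCurrentUser", "RegOpenKeyExA",
                                 "RegQueryValueExA", "RegEnumKeyExA"},
    "other users' profiles": {"LoadUserProfileA", "UnloadUserProfile"},
    "INI / config file parsing": {"GetPrivateProfileSectionNamesA",
                                  "GetPrivateProfileStringA", "GetPrivateProfileIntA"},
    "file-system sweep": {"FindFirstFileA", "FindNextFileA", "GetFileAttributesA",
                          "MapViewOfFile"},
    "raw TCP client": {"WSAStartup", "socket", "gethostbyname", "connect", "send", "recv"},
    "HTTP user-agent / URL handling": {"ObtainUserAgentString", "InternetCrackUrlA",
                                       "InternetCreateUrlA"},
    "drop and execute": {"GetTempPathA", "CreateFileA", "WriteFile", "CreateProcessA"},
    "dynamic API resolution": {"LoadLibraryA", "GetProcAddress"},
}

# WinINet request APIs a WinINet-based HTTP client would import.
WININET_REQUEST_APIS = ("InternetOpenA", "HttpSendRequestA", "InternetReadFile")


def flat_imports(imports=IMPORTS):
    """Set of all imported API names regardless of library."""
    return {name for names in imports.values() for name in names}


def capability_report(imports=IMPORTS):
    """Map each capability bucket to the imported APIs that support it (hits only)."""
    present = flat_imports(imports)
    return {cap: sorted(present & apis) for cap, apis in CAPABILITIES.items()
            if present & apis}


def missing_apis(imports=IMPORTS, expected=WININET_REQUEST_APIS):
    """Expected WinINet request APIs that are absent. With ws2_32 present and
    these missing, HTTP is most likely hand-rolled over a raw socket."""
    present = flat_imports(imports)
    return [api for api in expected if api not in present]


def imphash(imports=IMPORTS):
    """Imphash as pefile computes it: 'lib.func' lower-cased, the .dll/.ocx/.sys
    extension dropped, comma-joined in import order, then MD5. Matches the
    report's value only if this grouping reproduces the real import directory."""
    parts = []
    for lib, names in imports.items():
        lib = lib.lower()
        if lib.endswith((".dll", ".ocx", ".sys")):
            lib = lib[:-4]
        parts.extend(f"{lib}.{name.lower()}" for name in names)
    return hashlib.md5(",".join(parts).encode()).hexdigest()


if __name__ == "__main__":
    for cap, apis in capability_report().items():
        print(f"{cap:32s} {', '.join(apis)}")
    print("absent WinINet request APIs:", ", ".join(missing_apis()))
    print("imphash over this grouping:", imphash())
```

The same buckets can be re-used against any import list pulled from pefile (`[imp.name.decode() for entry in pe.DIRECTORY_ENTRY_IMPORT for imp in entry.imports]`); the point is that the combination of buckets, not any single API, is what separates a stealer from an installer that also enumerates processes and writes to %TEMP%.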
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2017:01:09 10:59:07+01:00
FileType Win32 DLL
PEType PE32
CodeSize 52736
LinkerVersion 2.5
FileTypeExtension dll
InitializedDataSize 19456
SubsystemVersion 4.0
EntryPoint 0xb89e
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 7625e60d2cddc49ce16e4461ef157da8
SHA1 9a31550a2f8cd438416c235c4c65027cce167a7a
SHA256 c726abc766688a680a7c4edd519998ccd436149f907cb5bc0df16137b60e73a2
ssdeep 1536:apNRe3wVqTbyzvx+qHIstnlOBLdURvvKT/Lpcx:2NEgGqostlOBLdl/L
authentihash ceaa9176fc2ee5d1e00525252f3fa7e8fe72fa1eb19f3c3fdbd1f68338ac0fbe
imphash d6c03f1f7dc2828b2d560500f84ffb7a
File size 70.0 KB ( 71680 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ 4.x (63.9%)
Win32 Executable MS Visual C++ (generic) (14.8%)
Win64 Executable (generic) (13.1%)
Win32 Dynamic Link Library (generic) (3.1%)
Win32 Executable (generic) (2.1%)
Tags pedll
VirusTotal metadata
First submission 2017-01-10 16:59:58 UTC ( 7 months, 1 week ago )
Last submission 2017-07-02 01:25:18 UTC ( 1 month, 2 weeks ago )
File names sa72_2017-01-11T00.07.23+0100_10.1.10.107-49258_206.196.99.49-80_7625e60d2cddc49ce16e4461ef157da8_2.dll
aa
output.110696000.txt
pm1.nope
Tusc.xlt
pm1.dll
Pony-downloader.dll
output.106156415.txt
2017-01-10-Pony-downloader.dll
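The first name in the list above, sa72_2017-01-11T00.07.23+0100_10.1.10.107-49258_206.196.99.49-80_7625e60d2cddc49ce16e4461ef157da8_2.dll, has the shape of a file carved from a TCP stream by a network sensor: sensor id, capture time, client address and port, server address and port, MD5 of the carved object, and a sequence number. Reading it that way is our interpretation, not something the report states. The following is an added example, not part of the report: it parses that name, confirms the embedded MD5 against the report's MD5, and produces the BPF filter an incident responder would use to pull the carrying HTTP session out of the sensor's pcap.

```python
import re

# MD5 from the "File identification" section of the report.
REPORT_MD5 = "7625e60d2cddc49ce16e4461ef157da8"

# First entry of the report's "File names" list.
CARVED_NAME = ("sa72_2017-01-11T00.07.23+0100_10.1.10.107-49258_"
               "206.196.99.49-80_7625e60d2cddc49ce16e4461ef157da8_2.dll")

# <sensor>_<time>_<client ip>-<port>_<server ip>-<port>_<md5>_<seq>.<ext>
# This layout is our interpretation of the name; field names are ours.
_IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
_CARVED_RE = re.compile(
    r"^(?P<sensor>[^_]+)_"
    r"(?P<time>\d{4}-\d{2}-\d{2}T\d{2}\.\d{2}\.\d{2}[+-]\d{4})_"
    rf"(?P<client_ip>{_IPV4})-(?P<client_port>\d{{1,5}})_"
    rf"(?P<server_ip>{_IPV4})-(?P<server_port>\d{{1,5}})_"
    r"(?P<md5>[0-9a-fA-F]{32})_(?P<seq>\d+)\.(?P<ext>[A-Za-z0-9]+)$")


def parse_carved_name(name):
    """Split a sensor-carved file name into its fields; None if it does not fit."""
    m = _CARVED_RE.match(name)
    if not m:
        return None
    info = m.groupdict()
    for key in ("client_port", "server_port", "seq"):
        info[key] = int(info[key])
    # The sensor wrote '.' where ':' is illegal in file names; restore ISO 8601.
    t = info["time"]
    info["time"] = t[:11] + t[11:19].replace(".", ":") + t[19:]
    info["md5"] = info["md5"].lower()
    return info


def md5_matches_report(info, report_md5=REPORT_MD5):
    """True if the MD5 embedded in the carved name is the sample the report describes."""
    return info is not None and info["md5"] == report_md5.lower()


def pcap_filter(info):
    """BPF expression selecting the TCP session the object was carved from."""
    return (f"host {info['client_ip']} and host {info['server_ip']} and "
            f"tcp port {info['client_port']} and tcp port {info['server_port']}")


if __name__ == "__main__":
    info = parse_carved_name(CARVED_NAME)
    print(info)
    print("md5 matches report:", md5_matches_report(info))
    print("tcpdump -r sensor.pcap", repr(pcap_filter(info)))
```

Server port 80 on the carved name, together with the "Pony-downloader.dll" names submitted the same day, is what ties this DLL to an HTTP download observed on 2017-01-11; the other names in the list (pm1.nope, Tusc.xlt, output.*.txt) are renamed copies of the same bytes, as the shared hashes confirm.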