SHA256: c726abc766688a680a7c4edd519998ccd436149f907cb5bc0df16137b60e73a2
File name: output.106156415.txt
Detection ratio: 48 / 56
Analysis date: 2017-01-18 22:56:47 UTC ( 18 hours, 7 minutes ago )
Antivirus Result Update
ALYac Generic.PWS.2.E23B1B12 20170118
AVG PSW.Generic13.THC 20170118
AVware Trojan.Win32.Fareit.j (fs) 20170118
Ad-Aware Generic.PWS.2.E23B1B12 20170118
AegisLab Troj.W32.Gen.lDfK 20170118
AhnLab-V3 Trojan/Win32.Tepfer.C1741957 20170118
Antiy-AVL Trojan[PSW]/Win32.Tepfer 20170118
Arcabit Generic.PWS.2.E23B1B12 20170118
Avast Sf:Crypt-BI [Trj] 20170118
Avira (no cloud) TR/Kryptik.avp.8 20170118
Baidu Win32.Trojan-PSW.Fareit.a 20170118
BitDefender Generic.PWS.2.E23B1B12 20170118
CAT-QuickHeal TrojanPWS.Fareit 20170118
ClamAV Win.Trojan.Fareit-403 20170118
Comodo TrojWare.Win32.PWS.Fareit.GS 20170118
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Cyren W32/PWS.DIVX-1631 20170118
DrWeb Trojan.PWS.Stealer.13052 20170118
ESET-NOD32 a variant of Win32/PSW.Fareit.A 20170118
Emsisoft Generic.PWS.2.E23B1B12 (B) 20170118
F-Secure Generic.PWS.2.E23B1B12 20170118
Fortinet W32/FAREIT.SMYY!tr 20170118
GData Generic.PWS.2.E23B1B12 20170118
Ikarus Trojan.Win32.Pony 20170118
Invincea pws.win32.qqpass.gp 20170111
Jiangmin Trojan.PSW.Tepfer.gau 20170118
K7AntiVirus Password-Stealer ( 003bbfec1 ) 20170118
K7GW Password-Stealer ( 003bbfec1 ) 20170118
Kaspersky Trojan-PSW.Win32.Tepfer.gen 20170118
Malwarebytes Spyware.Pony 20170118
McAfee Generic.avw 20170118
McAfee-GW-Edition BehavesLike.Win32.Conficker.lh 20170118
eScan Generic.PWS.2.E23B1B12 20170118
Microsoft PWS:Win32/Fareit.gen!E 20170118
NANO-Antivirus Trojan.Win32.Tepfer.ekisnh 20170118
Panda Trj/GdSda.A 20170118
Qihoo-360 Win32/Trojan.PSW.c13 20170118
Rising Malware.Generic!V8MeClyxsvJ@2 (thunder) 20170118
SUPERAntiSpyware Trojan.Agent/Gen 20170118
Sophos Troj/Kryptik-FN 20170118
Symantec ML.Relationship.HighConfidence [Downloader.Ponik] 20170118
Tencent Win32.Trojan-qqpass.Qqrob.Afrh 20170118
TrendMicro TSPY_FAREIT.SMYY 20170118
TrendMicro-HouseCall TSPY_FAREIT.SMYY 20170118
VBA32 BScope.Malware-Cryptor.Ponik 20170118
VIPRE Trojan.Win32.Fareit.j (fs) 20170118
ViRobot Trojan.Win32.Z.Fareit.71680.C[h] 20170118
Yandex Trojan.PSteal.Gen.UL 20170118
Alibaba 20170118
CMC 20170118
F-Prot 20170118
Kingsoft 20170118
TheHacker 20170117
TotalDefense 20170118
Trustlook 20170118
WhiteArmor 20170117
Zillya 20170117
Zoner 20170118
nProtect 20170118
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-01-09 09:59:07
Entry Point 0x0000B89E
Number of sections 4
PE sections
PE imports
RegOpenCurrentUser
RegOpenKeyA
RegCloseKey
GetUserNameA
RegQueryValueExA
RegSetValueExA
IsTextUnicode
RegOpenKeyExA
RegCreateKeyA
RegEnumKeyExA
CreateToolhelp32Snapshot
GetLastError
Process32First
GetSystemInfo
lstrlenA
GetFileAttributesA
GetPrivateProfileSectionNamesA
LCMapStringA
GetTickCount
GetVersionExA
GlobalUnlock
LoadLibraryA
lstrlenW
Process32Next
GetCurrentProcess
GetCurrentDirectoryA
GetPrivateProfileStringA
GetLocaleInfoA
LocalAlloc
lstrcatA
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
OpenProcess
GlobalLock
CreateMutexA
GetTempPathA
lstrcmpiA
WideCharToMultiByte
MapViewOfFile
GetModuleHandleA
lstrcmpA
ReadFile
SetUnhandledExceptionFilter
lstrcpyA
FindFirstFileA
CloseHandle
CreateFileMappingA
FindNextFileA
ExpandEnvironmentStringsA
LocalFree
TerminateProcess
CreateProcessA
UnmapViewOfFile
WriteFile
SetCurrentDirectoryA
FindClose
Sleep
CreateFileA
ExitProcess
GetProcAddress
GetFileSize
CreateStreamOnHGlobal
OleInitialize
CoCreateGuid
CoCreateInstance
GetHGlobalFromStream
CoTaskMemFree
StrStrA
StrStrIA
StrToIntA
StrRChrIA
StrStrIW
StrCmpNIA
ObtainUserAgentString
SendMessageA
wsprintfA
FindWindowExA
GetClassNameA
SendMessageW
LoadUserProfileA
UnloadUserProfile
InternetCrackUrlA
InternetCreateUrlA
setsockopt
socket
recv
inet_addr
send
WSAStartup
gethostbyname
connect
closesocket
select
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2017:01:09 10:59:07+01:00
FileType Win32 DLL
PEType PE32
CodeSize 52736
LinkerVersion 2.5
EntryPoint 0xb89e
InitializedDataSize 19456
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 7625e60d2cddc49ce16e4461ef157da8
SHA1 9a31550a2f8cd438416c235c4c65027cce167a7a
SHA256 c726abc766688a680a7c4edd519998ccd436149f907cb5bc0df16137b60e73a2
ssdeep 1536:apNRe3wVqTbyzvx+qHIstnlOBLdURvvKT/Lpcx:2NEgGqostlOBLdl/L
authentihash ceaa9176fc2ee5d1e00525252f3fa7e8fe72fa1eb19f3c3fdbd1f68338ac0fbe
imphash d6c03f1f7dc2828b2d560500f84ffb7a
File size 70.0 KB ( 71680 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ 4.x (63.9%)
Win32 Executable MS Visual C++ (generic) (14.8%)
Win64 Executable (generic) (13.1%)
Win32 Dynamic Link Library (generic) (3.1%)
Win32 Executable (generic) (2.1%)
Tags pedll
VirusTotal metadata
First submission 2017-01-10 16:59:58 UTC ( 1 week, 2 days ago )
Last submission 2017-01-18 22:56:47 UTC ( 18 hours, 7 minutes ago )
File names sa72_2017-01-11T00.07.23+0100_10.1.10.107-49258_206.196.99.49-80_7625e60d2cddc49ce16e4461ef157da8_2.dll
pm1.nope
2017-01-10-Pony-downloader.dll
Pony-downloader.dll
output.106156415.txt
pm1.dll