SHA256: c726abc766688a680a7c4edd519998ccd436149f907cb5bc0df16137b60e73a2
File name: 2017-01-10-Pony-downloader.dll
Detection ratio: 57 / 62
Analysis date: 2017-05-05 11:40:23 UTC ( 3 weeks, 1 day ago )
Antivirus Result Update (engines listed below with no result did not detect the file)
Ad-Aware Trojan.AgentWDCR.JCD 20170505
AegisLab Troj.Psw.W32.Tepfer!c 20170505
AhnLab-V3 Trojan/Win32.Tepfer.C1741957 20170504
ALYac Trojan.AgentWDCR.JCD 20170505
Antiy-AVL Trojan[PSW]/Win32.Tepfer 20170505
Arcabit Trojan.AgentWDCR.JCD 20170505
Avast Sf:Crypt-BI [Trj] 20170505
AVG PSW.Generic13.THC 20170505
Avira (no cloud) TR/Kryptik.avp.8 20170505
AVware Trojan.Win32.Fareit.j (fs) 20170505
Baidu Win32.Trojan-PSW.Fareit.a 20170503
BitDefender Trojan.AgentWDCR.JCD 20170505
Bkav W32.Clodddf.Trojan.e916 20170505
CAT-QuickHeal TrojanPWS.Fareit 20170504
ClamAV Win.Trojan.Fareit-403 20170505
CMC Trojan-PSW.Win32.Tepfer!O 20170504
Comodo TrojWare.Win32.Fareit.~A 20170505
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Cyren W32/Fareit.FBBC-2847 20170505
DrWeb Trojan.PWS.Stealer.13052 20170505
Emsisoft Trojan.AgentWDCR.JCD (B) 20170505
Endgame malicious (high confidence) 20170503
ESET-NOD32 Win32/PSW.Fareit.A 20170505
F-Prot W32/Fareit.ANP 20170505
F-Secure Trojan.AgentWDCR.JCD 20170505
Fortinet W32/FAREIT.SMYY!tr 20170505
GData Win32.Trojan-Stealer.Fareit.AD 20170505
Ikarus Trojan-PSW.Fareit 20170505
Invincea pws.win32.qqpass.gp 20170413
Jiangmin Trojan.PSW.Tepfer.gau 20170505
K7AntiVirus Password-Stealer ( 003bbfec1 ) 20170505
K7GW Password-Stealer ( 003bbfec1 ) 20170505
Kaspersky Trojan-PSW.Win32.Tepfer.gen 20170505
Malwarebytes Spyware.Pony 20170505
McAfee Generic.avw 20170505
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.lh 20170504
Microsoft PWS:Win32/Fareit.gen!E 20170505
eScan Trojan.AgentWDCR.JCD 20170505
NANO-Antivirus Trojan.Win32.Tepfer.ekisnh 20170505
Palo Alto Networks (Known Signatures) generic.ml 20170505
Panda Trj/WLT.C 20170505
Qihoo-360 Win32/Trojan.PSW.c13 20170505
SentinelOne (Static ML) static engine - malicious 20170330
Sophos Troj/Kryptik-FN 20170505
SUPERAntiSpyware Trojan.Agent/Gen 20170505
Symantec Downloader.Ponik 20170504
Tencent Win32.Trojan-qqpass.Qqrob.Afrh 20170505
TrendMicro TSPY_FAREIT.SMYY 20170505
TrendMicro-HouseCall TSPY_FAREIT.SMYY 20170505
VBA32 BScope.Malware-Cryptor.Ponik 20170505
VIPRE Trojan.Win32.Fareit.j (fs) 20170505
ViRobot Trojan.Win32.Z.Fareit.71680.C[h] 20170505
Webroot W32.Fareit 20170505
Yandex Trojan.PSteal.Gen.UL 20170504
Zillya Trojan.Tepfer.Win32.88872 20170505
ZoneAlarm by Check Point Trojan-PSW.Win32.Tepfer.gen 20170505
Zoner Trojan.Fareit 20170505
Alibaba 20170505
Kingsoft 20170505
nProtect 20170505
Rising None
Symantec Mobile Insight 20170504
TheHacker 20170505
TotalDefense 20170505
WhiteArmor 20170502
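Vendor labels for this sample disagree on the family name (Fareit, Tepfer, Pony and Ponik all appear), and several engine names contain spaces, so the listing is awkward to process by hand. As an added example, not code from the VirusTotal page, the script below parses rows in the layout shown above (engine, result, signature date), treats a missing result column as "no detection", and folds the vendor aliases onto one family label. The alias table and the list of multi-word engine names are assumptions drawn only from this report; the sample rows are a constructed subset copied from the table above.

```python
"""Parse a VirusTotal-style detection listing and summarise it.

Added example, not code from the VirusTotal page. Engine names containing
spaces cannot be separated from the result column by splitting on
whitespace, so they are matched against a known list first.
"""
import re
from collections import Counter

# Engines whose display name contains spaces, as they appear in the report
# (assumed complete only for this report).
MULTIWORD_ENGINES = (
    "Palo Alto Networks (Known Signatures)",
    "ZoneAlarm by Check Point",
    "CrowdStrike Falcon (ML)",
    "SentinelOne (Static ML)",
    "Symantec Mobile Insight",
    "Avira (no cloud)",
)

# Vendor naming for this family varies; map the aliases seen in the report
# onto one label. This table is an assumption, extend it as needed.
FAMILY_ALIASES = {
    "pony": "Pony", "ponik": "Pony", "fareit": "Pony", "tepfer": "Pony",
    "kryptik": "Kryptik",
}

# Constructed sample: a subset of rows copied from the report above.
SAMPLE = """\
Ad-Aware Trojan.AgentWDCR.JCD 20170505
Avast Sf:Crypt-BI [Trj] 20170505
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
ESET-NOD32 Win32/PSW.Fareit.A 20170505
K7AntiVirus Password-Stealer ( 003bbfec1 ) 20170505
Kaspersky Trojan-PSW.Win32.Tepfer.gen 20170505
Malwarebytes Spyware.Pony 20170505
Microsoft PWS:Win32/Fareit.gen!E 20170505
Sophos Troj/Kryptik-FN 20170505
Symantec Downloader.Ponik 20170504
ZoneAlarm by Check Point Trojan-PSW.Win32.Tepfer.gen 20170505
Alibaba 20170505
Rising None
"""

# Trailing column is the signature update date (YYYYMMDD) or 'None'.
ROW_RE = re.compile(r"(.*?)\s+(\d{8}|None)")


def parse_detection_line(line):
    """Return {'engine', 'result', 'update'}; result is None when the engine
    reported no detection (blank result column). Returns None for rows that
    do not fit the layout."""
    m = ROW_RE.fullmatch(line.strip())
    if not m:
        return None
    body, update = m.groups()
    for eng in MULTIWORD_ENGINES:
        if body == eng or body.startswith(eng + " "):
            engine, result = eng, body[len(eng):].strip()
            break
    else:
        # Single-token engine name: everything after the first space is the result.
        engine, _, result = body.partition(" ")
    return {"engine": engine, "result": result or None, "update": update}


def family_of(result):
    """Map a vendor detection name onto a family label via FAMILY_ALIASES."""
    if not result:
        return None
    for tok in re.split(r"[^a-z0-9]+", result.lower()):
        if tok in FAMILY_ALIASES:
            return FAMILY_ALIASES[tok]
    return None


def summarize(text):
    rows = [r for r in map(parse_detection_line, text.splitlines()) if r]
    detected = [r for r in rows if r["result"]]
    families = Counter(f for f in (family_of(r["result"]) for r in detected) if f)
    return {
        "engines": len(rows),
        "detected": len(detected),
        "undetected": [r["engine"] for r in rows if not r["result"]],
        "families": dict(families),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The family consensus is only as good as the alias table: generic labels such as "Trojan.AgentWDCR.JCD" or "malicious_confidence_100%" carry no family name and are counted as detections but contribute nothing to the family tally.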
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-01-09 09:59:07
Entry Point 0x0000B89E
Number of sections 4
PE sections
PE imports
RegOpenCurrentUser
RegOpenKeyA
RegCloseKey
GetUserNameA
RegQueryValueExA
RegSetValueExA
IsTextUnicode
RegOpenKeyExA
RegCreateKeyA
RegEnumKeyExA
CreateToolhelp32Snapshot
GetLastError
Process32First
GetSystemInfo
lstrlenA
GetFileAttributesA
GetPrivateProfileSectionNamesA
LCMapStringA
GetTickCount
GetVersionExA
GlobalUnlock
LoadLibraryA
lstrlenW
Process32Next
GetCurrentProcess
GetCurrentDirectoryA
GetPrivateProfileStringA
GetLocaleInfoA
LocalAlloc
lstrcatA
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
OpenProcess
GlobalLock
CreateMutexA
GetTempPathA
lstrcmpiA
WideCharToMultiByte
MapViewOfFile
GetModuleHandleA
lstrcmpA
ReadFile
SetUnhandledExceptionFilter
lstrcpyA
FindFirstFileA
CloseHandle
CreateFileMappingA
FindNextFileA
ExpandEnvironmentStringsA
LocalFree
TerminateProcess
CreateProcessA
UnmapViewOfFile
WriteFile
SetCurrentDirectoryA
FindClose
Sleep
CreateFileA
ExitProcess
GetProcAddress
GetFileSize
CreateStreamOnHGlobal
OleInitialize
CoCreateGuid
CoCreateInstance
GetHGlobalFromStream
CoTaskMemFree
StrStrA
StrStrIA
StrToIntA
StrRChrIA
StrStrIW
StrCmpNIA
ObtainUserAgentString
SendMessageA
wsprintfA
FindWindowExA
GetClassNameA
SendMessageW
LoadUserProfileA
UnloadUserProfile
InternetCrackUrlA
InternetCreateUrlA
setsockopt
socket
recv
inet_addr
send
WSAStartup
gethostbyname
connect
closesocket
select
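The file identification section further down reports an import hash (imphash), but the import list above gives function names only, without the DLL each one comes from. The following is an added example, not code from the VirusTotal page, showing how the pefile-style imphash is derived from an import table. It uses the functions listed above as constructed input, with each function assigned to the DLL that normally exports it; that DLL attribution is an assumption, since the page does not state it, so the value the script prints is comparable to the reported d6c03f1f7dc2828b2d560500f84ffb7a only if the grouping and the import-table order both match the real binary.

```python
"""pefile-style import hash (imphash) computed from an import listing.

Added example, not part of the VirusTotal report. The DLL attribution in
PONY_IMPORTS is an assumption: the report lists function names only, so
each name is assigned to the DLL that normally exports it, in the order
shown on the page.
"""
import hashlib

# Constructed from the report's import list; the DLL of each group is
# assumed, not stated by the report.
PONY_IMPORTS = [
    ("ADVAPI32.dll", "RegOpenCurrentUser RegOpenKeyA RegCloseKey GetUserNameA "
     "RegQueryValueExA RegSetValueExA IsTextUnicode RegOpenKeyExA "
     "RegCreateKeyA RegEnumKeyExA".split()),
    ("KERNEL32.dll", "CreateToolhelp32Snapshot GetLastError Process32First "
     "GetSystemInfo lstrlenA GetFileAttributesA GetPrivateProfileSectionNamesA "
     "LCMapStringA GetTickCount GetVersionExA GlobalUnlock LoadLibraryA "
     "lstrlenW Process32Next GetCurrentProcess GetCurrentDirectoryA "
     "GetPrivateProfileStringA GetLocaleInfoA LocalAlloc lstrcatA "
     "GetPrivateProfileIntA CreateDirectoryA DeleteFileA GetWindowsDirectoryA "
     "OpenProcess GlobalLock CreateMutexA GetTempPathA lstrcmpiA "
     "WideCharToMultiByte MapViewOfFile GetModuleHandleA lstrcmpA ReadFile "
     "SetUnhandledExceptionFilter lstrcpyA FindFirstFileA CloseHandle "
     "CreateFileMappingA FindNextFileA ExpandEnvironmentStringsA LocalFree "
     "TerminateProcess CreateProcessA UnmapViewOfFile WriteFile "
     "SetCurrentDirectoryA FindClose Sleep CreateFileA ExitProcess "
     "GetProcAddress GetFileSize".split()),
    ("ole32.dll", "CreateStreamOnHGlobal OleInitialize CoCreateGuid "
     "CoCreateInstance GetHGlobalFromStream CoTaskMemFree".split()),
    ("SHLWAPI.dll", "StrStrA StrStrIA StrToIntA StrRChrIA StrStrIW StrCmpNIA".split()),
    ("urlmon.dll", ["ObtainUserAgentString"]),
    ("USER32.dll", "SendMessageA wsprintfA FindWindowExA GetClassNameA SendMessageW".split()),
    ("USERENV.dll", ["LoadUserProfileA", "UnloadUserProfile"]),
    ("WININET.dll", ["InternetCrackUrlA", "InternetCreateUrlA"]),
    ("WS2_32.dll", "setsockopt socket recv inet_addr send WSAStartup gethostbyname "
     "connect closesocket select".split()),
]


def _strip_ext(dll):
    """pefile lower-cases the DLL name and drops a .dll/.ocx/.sys suffix."""
    name = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if name.endswith(ext):
            return name[: -len(ext)]
    return name


def import_string(imports):
    """Build the string pefile hashes: one 'dll.func' entry per import,
    lower-cased, in import-table order, joined by commas. Ordinal-only
    imports (an int instead of a name) become 'ord<N>'. pefile additionally
    resolves known ws2_32/oleaut32 ordinals to names; that lookup is
    omitted here, so ordinal imports from those DLLs would hash differently."""
    parts = []
    for dll, funcs in imports:
        lib = _strip_ext(dll)
        for f in funcs:
            func = f"ord{f}" if isinstance(f, int) else f.lower()
            parts.append(f"{lib}.{func}")
    return ",".join(parts)


def imphash(imports):
    """MD5 of the import string, as a 32-character lower-case hex digest."""
    return hashlib.md5(import_string(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print("imports :", sum(len(f) for _, f in PONY_IMPORTS))
    print("imphash :", imphash(PONY_IMPORTS))
    print("reported:", "d6c03f1f7dc2828b2d560500f84ffb7a")
```

Because the hash covers the names in import-table order, two builds of the same source with a differently ordered import table hash differently, while a repack that preserves the import table keeps the value; that is what makes imphash useful for clustering Pony builds and useless once a packer rebuilds the imports.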
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: dll
TimeStamp: 2017:01:09 10:59:07+01:00
FileType: Win32 DLL
PEType: PE32
CodeSize: 52736
LinkerVersion: 2.5
EntryPoint: 0xb89e
InitializedDataSize: 19456
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0
File identification
MD5 7625e60d2cddc49ce16e4461ef157da8
SHA1 9a31550a2f8cd438416c235c4c65027cce167a7a
SHA256 c726abc766688a680a7c4edd519998ccd436149f907cb5bc0df16137b60e73a2
ssdeep 1536:apNRe3wVqTbyzvx+qHIstnlOBLdURvvKT/Lpcx:2NEgGqostlOBLdl/L
authentihash ceaa9176fc2ee5d1e00525252f3fa7e8fe72fa1eb19f3c3fdbd1f68338ac0fbe
imphash d6c03f1f7dc2828b2d560500f84ffb7a
File size 70.0 KB ( 71680 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID
  Win32 Executable MS Visual C++ 4.x (63.9%)
  Win32 Executable MS Visual C++ (generic) (14.8%)
  Win64 Executable (generic) (13.1%)
  Win32 Dynamic Link Library (generic) (3.1%)
  Win32 Executable (generic) (2.1%)
Tags pedll
VirusTotal metadata
First submission 2017-01-10 16:59:58 UTC ( 4 months, 2 weeks ago )
Last submission 2017-05-05 11:40:23 UTC ( 3 weeks, 1 day ago )
File names
  sa72_2017-01-11T00.07.23+0100_10.1.10.107-49258_206.196.99.49-80_7625e60d2cddc49ce16e4461ef157da8_2.dll
  output.110696000.txt
  pm1.nope
  2017-01-10-Pony-downloader.dll
  Pony-downloader.dll
  output.106156415.txt
  pm1.dll