SHA256: 13504740f0c859e567332a4f01b4ab0d93a7ea29b28cb56431030cf5853ee72c
File name: pony.exe
Detection ratio: 38 / 54
Analysis date: 2015-11-13 18:36:20 UTC ( 3 years, 5 months ago )
Antivirus Result Update
Yandex Trojan.PonyPass.Gen.LH 20151112
AhnLab-V3 Trojan/Win32.Tepfer 20151113
ALYac Trojan.Agent.BKRD 20151113
Antiy-AVL Trojan[PSW]/Win32.Tepfer 20151113
Arcabit Trojan.Agent.BKRD 20151113
Avast Sf:Nuclear-D [Trj] 20151113
AVG PSW.Generic12.CIQA 20151113
Avira (no cloud) TR/Kryptik.avp.8 20151113
AVware Trojan.Win32.Fareit.gi (v) 20151113
BitDefender Trojan.Agent.BKRD 20151113
ByteHero Trojan.Malware.Obscu.Gen.002 20151113
CAT-QuickHeal TrojanPSW.Tepfer.08998 20151112
Comodo TrojWare.Win32.PWS.Fareit.GS 20151113
Cyren W32/Bloop.A.gen!Eldorado 20151113
DrWeb Trojan.PWS.Stealer.4118 20151113
Emsisoft Trojan.Agent.BKRD (B) 20151113
ESET-NOD32 a variant of Win32/PSW.Fareit.E 20151113
F-Prot W32/Bloop.A.gen!Eldorado 20151113
F-Secure Trojan.Agent.BKRD 20151113
Fortinet W32/FakeAV.UUS!tr 20151113
GData Trojan.Agent.BKRD 20151113
Ikarus Trojan.Win32.Ransom 20151113
K7AntiVirus Password-Stealer ( 0040f4f51 ) 20151113
K7GW Password-Stealer ( 0040f4f51 ) 20151113
Kaspersky Trojan-PSW.Win32.Tepfer.gen 20151113
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.mh 20151113
Microsoft PWS:Win32/Fareit.gen!G 20151113
eScan Trojan.Agent.BKRD 20151113
NANO-Antivirus Trojan.Win32.Tepfer.dymahv 20151113
nProtect Trojan.Agent.BKRD 20151113
Panda Trj/Genetic.gen 20151113
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20151113
Sophos AV Mal/Behav-116 20151113
Symantec Downloader.Ponik 20151113
TrendMicro TROJ_GEN.R02SC0DK615 20151113
VBA32 SScope.Malware-Cryptor.Ponik 20151113
VIPRE Trojan.Win32.Fareit.gi (v) 20151113
Zillya Adware.Agent.Win32.83992 20151112
AegisLab 20151113
Alibaba 20151113
Baidu-International 20151113
Bkav 20151113
ClamAV 20151113
CMC 20151113
Jiangmin 20151112
Malwarebytes 20151113
McAfee 20151113
Rising 20151112
SUPERAntiSpyware 20151113
Tencent 20151113
TheHacker 20151113
TrendMicro-HouseCall 20151113
ViRobot 20151113
Zoner 20151113
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-11-03 06:03:43
Entry Point 0x000051F7
Number of sections 2
PE sections
PE imports
RegOpenCurrentUser
RegOpenKeyA
RegCloseKey
GetUserNameA
RegQueryValueExA
RegSetValueExA
IsTextUnicode
RegOpenKeyExA
RegCreateKeyA
RegEnumKeyExA
CreateToolhelp32Snapshot
GetLastError
Process32First
GetSystemInfo
lstrlenA
GetFileAttributesA
LCMapStringA
GetTickCount
GetVersionExA
GlobalUnlock
LoadLibraryA
GetModuleFileNameA
Process32Next
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
lstrcatA
CreateDirectoryA
DeleteFileA
OpenProcess
GlobalLock
GetTempPathA
lstrcmpiA
WideCharToMultiByte
MapViewOfFile
GetModuleHandleA
lstrcmpA
ReadFile
SetUnhandledExceptionFilter
lstrcpyA
FindFirstFileA
CloseHandle
CreateFileMappingA
FindNextFileA
ExpandEnvironmentStringsA
LocalFree
UnmapViewOfFile
WriteFile
FindClose
Sleep
CreateFileA
ExitProcess
GetProcAddress
GetFileSize
CreateStreamOnHGlobal
OleInitialize
CoCreateGuid
GetHGlobalFromStream
ShellExecuteA
StrRChrIA
StrToIntA
StrStrIA
wsprintfA
LoadUserProfileA
UnloadUserProfile
InternetCrackUrlA
InternetCreateUrlA
setsockopt
socket
recv
inet_addr
send
WSAStartup
gethostbyname
connect
closesocket
select
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:11:03 07:03:43+01:00
FileType Win32 EXE
PEType PE32
CodeSize 17408
LinkerVersion 2.5
EntryPoint 0x51f7
InitializedDataSize 8192
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 b60d3a994a9074cc59d1e065d2583411
SHA1 7937f2f1edaa2a6f24f02e32291c5210fe00a23e
SHA256 13504740f0c859e567332a4f01b4ab0d93a7ea29b28cb56431030cf5853ee72c
ssdeep 768:D2H6FfnY9wOwXcrqlUa6pJYmre3FQWcyD763jv:6ufnY9w1XcrqT6pJproGf
authentihash 1339c300237ed443f5a511425a5b59150ebcc76357ae2ba24b2fa29791b1450c
imphash 2bb50a597bfe3edd7925997915877999
File size 24.5 KB ( 25088 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Windows screen saver (46.4%)
Win32 Dynamic Link Library (generic) (23.3%)
Win32 Executable (generic) (15.9%)
Generic Win/DOS Executable (7.0%)
DOS Executable Generic (7.0%)
Tags peexe

VirusTotal metadata
First submission 2015-11-13 18:36:20 UTC ( 3 years, 5 months ago )
Last submission 2015-11-13 18:36:20 UTC ( 3 years, 5 months ago )
File names pony.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs
HTTP requests
DNS requests
TCP connections