SHA256: 1f02011f5b993c7a9f2da56342562d794537fc3473af13b8ee9d04ccf752e2b9
File name: pony.exe
Detection ratio: 3 / 57
Analysis date: 2016-04-05 14:55:44 UTC ( 1 year, 3 months ago )
Antivirus Result Update
Bkav HW32.Packed.CB3C 20160405
McAfee-GW-Edition BehavesLike.Win32.Virut.cc 20160405
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20160405
Ad-Aware 20160405
AegisLab 20160405
AhnLab-V3 20160405
Alibaba 20160405
ALYac 20160405
Antiy-AVL 20160405
Arcabit 20160405
Avast 20160405
AVG 20160405
Avira (no cloud) 20160405
AVware 20160405
Baidu 20160405
Baidu-International 20160405
BitDefender 20160405
CAT-QuickHeal 20160405
ClamAV 20160404
CMC 20160404
Comodo 20160404
Cyren 20160405
DrWeb 20160405
Emsisoft 20160405
ESET-NOD32 20160405
F-Prot 20160405
F-Secure 20160405
Fortinet 20160404
GData 20160405
Ikarus 20160405
Jiangmin 20160405
K7AntiVirus 20160405
K7GW 20160404
Kaspersky 20160405
Kingsoft 20160405
Malwarebytes 20160405
McAfee 20160405
Microsoft 20160405
eScan 20160405
NANO-Antivirus 20160405
nProtect 20160405
Panda 20160404
Rising 20160405
Sophos AV 20160405
SUPERAntiSpyware 20160405
Symantec 20160331
Tencent 20160405
TheHacker 20160405
TotalDefense 20160405
TrendMicro 20160405
TrendMicro-HouseCall 20160405
VBA32 20160405
VIPRE 20160405
ViRobot 20160405
Yandex 20160405
Zillya 20160405
Zoner 20160405
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright OPSWAT, Inc. Copyright
Product Vodde
Original name Vodde.exe
File version 8.5.65.441
Description Manufacturer Updategrams Weekend Difficulty Signatures
Comments Manufacturer Updategrams Weekend Difficulty Signatures
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-05 10:48:00
Entry Point 0x00004217
Number of sections 4
PE sections
PE imports
InitCommonControlsEx
ImageList_Destroy
ImageList_Draw
ImageList_Create
Ord(17)
ImageList_ReplaceIcon
GetSaveFileNameA
PatBlt
CombineRgn
GetObjectA
ExcludeClipRect
LineTo
DeleteDC
BitBlt
GdiSetBatchLimit
CreatePatternBrush
FillRgn
CreateBitmap
MoveToEx
GetStockObject
ExtTextOutA
CreateCompatibleDC
SetBrushOrgEx
CreateRectRgn
CreateColorSpaceA
SelectObject
GetTextExtentPoint32A
CreateSolidBrush
SetBkColor
DeleteObject
CreateCompatibleBitmap
ImmGetIMEFileNameA
GetLastError
HeapFree
UnmapViewOfFile
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
GlobalUnlock
GetCurrentProcess
GetCurrentProcessId
lstrcatA
UnhandledExceptionFilter
MultiByteToWideChar
GetProcAddress
InterlockedCompareExchange
GetProcessHeap
CreateFileMappingW
GlobalAddAtomW
WideCharToMultiByte
MapViewOfFile
GetModuleHandleA
ReadFile
InterlockedExchange
SetUnhandledExceptionFilter
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
lstrcpynA
GlobalLock
TerminateProcess
HeapCreate
GlobalAlloc
CreateEventA
InterlockedDecrement
Sleep
CreateFileA
GetTickCount
GetCurrentThreadId
ExitProcess
GetFileSize
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
__p__fmode
malloc
_crt_debugger_hook
_acmdln
wprintf
memset
strcat
__dllonexit
_mbsupr
isprint
printf
_invoke_watson
strlen
_amsg_exit
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
??2@YAPAXI@Z
_lock
_onexit
wcscmp
_strdup
??_V@YAXPAX@Z
exit
__setusermatherr
_initterm_e
_adjust_fdiv
_XcptFilter
_cexit
_mbsicmp
_CxxThrowException
_ismbblead
_unlock
__p__commode
??3@YAXPAX@Z
free
__CxxFrameHandler3
_except_handler4_common
atoi
__getmainargs
_decode_pointer
_initterm
sprintf
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
mbstowcs
_encode_pointer
_controlfp_s
memcpy
wcsrchr
strcpy
_configthreadlocale
??0exception@std@@QAE@XZ
_exit
__set_app_type
Ord(24)
GetRoleTextW
SafeArrayAccessData
SafeArrayGetLBound
OleSavePictureFile
SafeArrayUnaccessData
VariantClear
SysAllocString
SafeArrayUnlock
SafeArrayGetUBound
SafeArrayCreate
OleLoadPicture
SafeArrayRedim
SysFreeString
SafeArrayLock
RpcStringBindingComposeA
SHGetFileInfoA
Shell_NotifyIconA
SetFocus
EmptyClipboard
GetParent
EndDialog
BeginPaint
OffsetRect
DefWindowProcA
PostQuitMessage
CreatePopupMenu
ShowWindow
SetWindowPos
SendDlgItemMessageA
GetSystemMetrics
GetClipboardFormatNameA
AppendMenuA
GetWindowRect
EndPaint
SetDlgItemTextA
SetCapture
MoveWindow
GetDlgItemTextA
MessageBoxA
GetWindowDC
GetClipboardData
IsWindowEnabled
TrackPopupMenuEx
GetDC
CopyImage
GetCursorPos
ReleaseDC
SetWindowTextA
GetMenu
LoadStringA
SetClipboardData
PtInRect
DrawIconEx
GetWindowPlacement
SendMessageA
GetClientRect
GetKeyboardLayoutList
GetWindowInfo
ClientToScreen
SetRect
ScreenToClient
InsertMenuA
wsprintfA
CreateWindowExA
LoadIconA
InvalidateRect
FillRect
CopyRect
EnumClipboardFormats
GetFocus
CloseClipboard
GetDlgItem
DestroyWindow
OpenClipboard
DrawThemeBackground
WlanEnumInterfaces
WlanOpenHandle
WlanFreeMemory
CreateStreamOnHGlobal
CoUninitialize
StgIsStorageFile
CoRevokeClassObject
CoInitializeEx
CoCreateGuid
CoCreateInstance
StgOpenStorage
CoInitializeSecurity
CoRegisterClassObject
CoReleaseMarshalData
CoMarshalInterface
StringFromGUID2
CoSetProxyBlanket
OleInitialize
Number of PE resources by type
RT_DIALOG 1
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_MENU 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 6
PE resources
ExifTool file metadata
LegalTrademarks OPSWAT, Inc. Copyright
SubsystemVersion 5.0
Comments Manufacturer Updategrams Weekend Difficulty Signatures
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 8.5.65.441
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Manufacturer Updategrams Weekend Difficulty Signatures
CharacterSet Unicode
InitializedDataSize 96768
PrivateBuild 8.5.65.441
EntryPoint 0x4217
OriginalFileName Vodde.exe
MIMEType application/octet-stream
LegalCopyright OPSWAT, Inc. Copyright
FileVersion 8.5.65.441
TimeStamp 2016:04:05 11:48:00+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 8.5.65.441
UninitializedDataSize 0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName OPSWAT, Inc.
CodeSize 17408
ProductName Vodde
ProductVersionNumber 8.5.65.441
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 cdfb113a1e449f3528e357b8a647df47
SHA1 752d687e59f78078f725ccd52d9e0779d2430d0f
SHA256 1f02011f5b993c7a9f2da56342562d794537fc3473af13b8ee9d04ccf752e2b9
ssdeep 3072:YUkUJN2ClrWJ746A2C1yd+mElfNPNqJADuy5eAC6OYqh:3ko2MrW492C1y8lPDPeAVOYY
authentihash 349d22c584228ad130ee65727dbcd1f77fe913ef1106dc33b2a80100d370d1ae
imphash e02e9373f831223a932f369b870b1327
File size 112.5 KB ( 115200 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (35.8%)
Win64 Executable (generic) (31.7%)
Windows screen saver (15.0%)
Win32 Dynamic Link Library (generic) (7.5%)
Win32 Executable (generic) (5.1%)
Tags peexe
VirusTotal metadata
First submission 2016-04-05 14:46:37 UTC ( 1 year, 3 months ago )
Last submission 2016-09-12 08:32:03 UTC ( 10 months, 2 weeks ago )
File names Vodde.exe
y.exe
pony.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications