× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 8e51133afa2b45c3efe91a1dbb3d478c7cc0ba80dcc26abf71de4919826da50b
File name: pony.exe
Detection ratio: 2 / 41
Analysis date: 2012-07-13 19:49:57 UTC ( 5 years, 10 months ago ) View latest
Antivirus Result Update
AntiVir TR/Crypt.XPACK.Gen 20120705
Panda Suspicious file 20120705
AhnLab-V3 20120705
Antiy-AVL 20120705
Avast 20120705
AVG 20120705
BitDefender 20120705
ByteHero 20120704
CAT-QuickHeal 20120705
ClamAV 20120705
Commtouch 20120705
Comodo 20120705
Emsisoft 20120705
eSafe 20120705
F-Prot 20120705
F-Secure 20120706
Fortinet 20120705
GData 20120705
Ikarus 20120705
Jiangmin 20120705
K7AntiVirus 20120705
Kaspersky 20120705
McAfee 20120706
McAfee-GW-Edition 20120705
Microsoft 20120705
NOD32 20120705
Norman 20120705
nProtect 20120706
PCTools 20120705
Rising 20120705
Sophos AV 20120705
SUPERAntiSpyware 20120705
Symantec 20120706
TheHacker 20120704
TotalDefense 20120705
TrendMicro 20120706
TrendMicro-HouseCall 20120705
VBA32 20120705
VIPRE 20120705
ViRobot 20120705
VirusBuster 20120705
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 1:08 AM 3/18/2018
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-13 21:20:04
Entry Point 0x00001480
Number of sections 8
PE sections
Overlays
MD5 17fa7a62ad88394f64d8e6fa86f31558
File type data
Offset 193024
Size 2208
Entropy 5.73
PE imports
RegCloseKey
RegOpenKeyW
GetWindowsDirectoryW
VirtualAllocEx
GetModuleHandleA
CreateFileW
CloseHandle
lstrcatW
GetProcAddress
LoadIconA
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2012:07:13 22:20:04+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
145408

LinkerVersion
2.5

EntryPoint
0x1480

InitializedDataSize
46592

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 3006922e7c4ea1d64dbb3f0061fd4663
SHA1 8969b941ae632fc4c66f11ac83f1332da6fd41d1
SHA256 8e51133afa2b45c3efe91a1dbb3d478c7cc0ba80dcc26abf71de4919826da50b
ssdeep
3072:9fT8HQQVsya3cjHamKqpazcKpVzv/6VQGY:xTXIbK3zV

authentihash 50e058f67f7c515a598e1026b76bf9d88d5b4cfe4478743115934f637b2012bc
imphash 09856ea049ee0244c3e890c703547110
File size 190.7 KB ( 195232 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2012-07-13 19:49:57 UTC ( 5 years, 10 months ago )
Last submission 2014-11-13 19:06:10 UTC ( 3 years, 6 months ago )
File names vti-rescan
3006922e7c4ea1d64dbb3f0061fd4663
pony.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests