SHA256: d2ae5643aba8cab4f44e5c9f98efe9620b0c4fa4f730db33362fef0731c0d02e
File name: d2ae5643aba8cab4f44e5c9f98efe9620b0c4fa4f730db33362fef0731c0d02e.bin
Detection ratio: 54 / 65
Analysis date: 2018-01-22 08:30:35 UTC (5 months ago)
Antivirus Result Update
Ad-Aware Gen:Trojan.Mresmon.Gen.1 20180122
AegisLab Gen.Variant.Kazy!c 20180122
AhnLab-V3 Trojan/Win32.MDA.R135924 20180121
ALYac Gen:Trojan.Mresmon.Gen.1 20180122
Antiy-AVL Trojan[Ransom]/Win32.Foreign 20180122
Arcabit Trojan.Mresmon.Gen.1 20180122
Avast Win32:Sharik-H [Trj] 20180122
AVG Win32:Sharik-H [Trj] 20180122
Avira (no cloud) TR/Crypt.XPACK.Gen 20180122
AVware Trojan.Win32.Generic!BT 20180122
Baidu Win32.Trojan.Kryptik.aoz 20180122
BitDefender Gen:Trojan.Mresmon.Gen.1 20180122
CAT-QuickHeal Ransom.Cryptodef.S4 20180122
Comodo UnclassifiedMalware 20180122
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20171016
Cybereason malicious.1b8fb7 20171103
Cylance Unsafe 20180122
Cyren W32/FakeAlert.ACZ.gen!Eldorado 20180122
DrWeb Trojan.Packed.30387 20180122
eGambit Unsafe.AI_Score_100% 20180122
Emsisoft Gen:Trojan.Mresmon.Gen.1 (B) 20180122
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of Win32/Kryptik.DAJI 20180122
F-Prot W32/FakeAlert.ACZ.gen!Eldorado 20180122
GData Gen:Trojan.Mresmon.Gen.1 20180122
Ikarus Trojan.Win32.Crypt 20180121
Sophos ML heuristic 20180121
Jiangmin TrojanProxy.Lethic.ce 20180122
K7AntiVirus Trojan ( 004b74591 ) 20180122
K7GW Trojan ( 004b74591 ) 20180122
Kaspersky HEUR:Trojan.Win32.Generic 20180122
Malwarebytes Trojan.Agent.DED 20180121
MAX malware (ai score=100) 20180122
McAfee Ransom-FXT!1351644F649A 20180122
McAfee-GW-Edition BehavesLike.Win32.Yahlover.ch 20180122
Microsoft Trojan:Win32/Ropest.K 20180120
eScan Gen:Trojan.Mresmon.Gen.1 20180122
NANO-Antivirus Trojan.Win32.Lethic.dorjhh 20180122
Palo Alto Networks (Known Signatures) generic.ml 20180122
Panda Trj/Genetic.gen 20180121
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20180122
SentinelOne (Static ML) static engine - malicious 20180115
Sophos AV Mal/Wonton-AS 20180122
SUPERAntiSpyware Trojan.Agent/Gen-Dropper 20180122
Symantec Trojan.Gen.2 20180122
Tencent Suspicious.Heuristic.Gen.b.0 20180122
TrendMicro BKDR_ANDROM.YUYBM 20180122
TrendMicro-HouseCall BKDR_ANDROM.YUYBM 20180122
VBA32 suspected of Trojan.Downloader.gen.h 20180120
VIPRE Trojan.Win32.Generic!BT 20180122
Webroot Trojan.Dropper.Gen 20180122
Yandex Trojan.Agent!AyCCC7nXvl4 20180112
Zillya Trojan.Kryptik.Win32.794251 20180119
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180122
Engines with no detection (signature update date only):
Alibaba 20180122
Avast-Mobile 20180122
Bkav 20180122
ClamAV 20180122
CMC 20180122
Fortinet 20180122
Kingsoft 20180122
nProtect 20180122
Rising 20180122
Symantec Mobile Insight 20180119
TheHacker 20180119
Trustlook 20180122
ViRobot 20180122
Zoner 20180122
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) Pony 2008-2013
Product Pony
File version 4.0.0.5
Description Tightly blind eventually industrial powder
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-03 02:59:36
Entry Point 0x00007028
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegFlushKey
RegCloseKey
RegDeleteKeyW
RegSetValueExW
RegDeleteValueW
RegQueryInfoKeyW
RegConnectRegistryW
RegUnLoadKeyW
RegEnumValueW
RegOpenKeyExW
RegEnumKeyExW
RegSaveKeyW
RegReplaceKeyW
RegLoadKeyW
RegRestoreKeyW
RegQueryValueExW
ImageList_BeginDrag
ImageList_GetImageCount
ImageList_SetBkColor
ImageList_GetImageInfo
FlatSB_SetScrollInfo
ImageList_SetImageCount
FlatSB_GetScrollInfo
ImageList_GetDragImage
FlatSB_SetScrollProp
ImageList_Remove
ImageList_DragMove
Ord(17)
ImageList_SetIconSize
ImageList_Write
ImageList_Read
ImageList_Replace
ImageList_SetOverlayImage
ImageList_Destroy
_TrackMouseEvent
ImageList_Draw
ImageList_GetIconSize
ImageList_DragLeave
ImageList_GetBkColor
ImageList_GetIcon
FlatSB_SetScrollPos
ImageList_ReplaceIcon
ImageList_DragEnter
ImageList_Add
InitializeFlatSB
FlatSB_GetScrollPos
ImageList_DragShowNolock
ImageList_DrawEx
ImageList_Create
ImageList_Copy
ImageList_LoadImageW
ImageList_EndDrag
SetDIBits
GetTextMetricsW
SetMapMode
GetWindowOrgEx
ResizePalette
GetPaletteEntries
CopyEnhMetaFileW
SetPixel
EndDoc
IntersectClipRect
AngleArc
GetTextExtentPointW
CreatePalette
CreateDIBitmap
GetDIBits
GetEnhMetaFileBits
StretchBlt
StretchDIBits
ArcTo
Pie
Arc
SetBkColor
SetWinMetaFileBits
GetDIBColorTable
DeleteEnhMetaFile
GetSystemPaletteEntries
GetClipBox
EnumFontsW
GetCurrentPositionEx
GetPixel
GetBrushOrgEx
ExcludeClipRect
SetBkMode
BitBlt
SetAbortProc
FrameRgn
CreateBrushIndirect
SelectPalette
StartDocW
SetROP2
EndPage
GetNearestPaletteIndex
SetDIBColorTable
DeleteObject
CreatePenIndirect
PatBlt
SetStretchBltMode
Rectangle
GetDeviceCaps
LineTo
DeleteDC
SetEnhMetaFileBits
CreateFontIndirectW
StartPage
GetObjectW
CreateDCW
RealizePalette
ExtTextOutW
CreateBitmap
RectVisible
GetStockObject
PlayEnhMetaFile
UnrealizeObject
GdiFlush
RoundRect
GetWinMetaFileBits
GetEnhMetaFileDescriptionW
GetEnhMetaFileHeader
SetWindowOrgEx
GetTextExtentPoint32W
Polygon
CreateHalftonePalette
GetRgnBox
SaveDC
CreateICW
MaskBlt
GetEnhMetaFilePaletteEntries
RestoreDC
GetBitmapBits
CreateDIBSection
SetTextColor
ExtFloodFill
MoveToEx
EnumFontFamiliesExW
SetViewportOrgEx
CreateCompatibleDC
PolyBezierTo
PolyBezier
Chord
SetBrushOrgEx
CreateRectRgn
SelectObject
Ellipse
CreateSolidBrush
Polyline
AbortDoc
CreateCompatibleBitmap
SetThreadLocale
GetStdHandle
FileTimeToDosDateTime
GetConsoleOutputCP
FileTimeToSystemTime
WaitForSingleObject
GetDriveTypeA
HeapDestroy
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
HeapAlloc
GetCurrentProcess
GetDriveTypeW
GetConsoleMode
GetLocaleInfoA
LocalAlloc
UnhandledExceptionFilter
SetErrorMode
GetLogicalDrives
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
GetDiskFreeSpaceW
WriteFile
GetTimeZoneInformation
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
ResumeThread
SetEvent
LocalFree
FormatMessageW
GetThreadPriority
BeginUpdateResourceW
LoadResource
GetLogicalDriveStringsW
FindClose
TlsGetValue
QueryDosDeviceW
GetFullPathNameW
WritePrivateProfileStringW
SetLastError
GetUserDefaultUILanguage
InitializeCriticalSection
LocalLock
ReadFile
UpdateResourceW
GetModuleFileNameW
TryEnterCriticalSection
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
SetThreadPriority
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
EnumCalendarInfoW
GetCPInfoExW
GetPrivateProfileStringW
GetModuleHandleA
SetFileAttributesW
GlobalAddAtomW
CreateThread
GetSystemDefaultUILanguage
DeleteCriticalSection
GetExitCodeThread
SetUnhandledExceptionFilter
MulDiv
GetSystemTimes
ExitThread
InterlockedDecrement
SetEnvironmentVariableA
WaitForMultipleObjectsEx
TerminateProcess
ConvertThreadToFiber
VirtualQuery
LocalFileTimeToFileTime
VirtualQueryEx
SetEndOfFile
GetVersion
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
EndUpdateResourceW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GlobalFindAtomW
GetStartupInfoA
GetEnvironmentStrings
GetFileSize
LCMapStringW
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
CreateFileMappingW
EnumResourceNamesW
CompareStringW
RemoveDirectoryW
FindNextFileW
ResetEvent
FindFirstFileW
IsValidLocale
GlobalLock
GetTempPathW
CreateEventW
CreateFileW
WriteConsoleA
GetFileType
TlsSetValue
CreateFileA
GetCurrentThreadId
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
GlobalDeleteAtom
UnmapViewOfFile
GetSystemInfo
GlobalFree
GetConsoleCP
LCMapStringA
GetThreadLocale
GetVolumeInformationW
GetEnvironmentStringsW
GlobalUnlock
GlobalAlloc
lstrlenW
SwitchToThread
SizeofResource
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
GetCurrentThread
SuspendThread
GetSystemDefaultLangID
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
SetSystemPowerState
CloseHandle
GetACP
GetModuleHandleW
FreeResource
FileTimeToLocalFileTime
GetFileAttributesExW
GetLongPathNameW
IsValidCodePage
HeapCreate
FindResourceW
VirtualFree
Sleep
OpenSemaphoreW
VirtualAlloc
GetOEMCP
CompareStringA
SHBrowseForFolderW
SHChangeNotify
Shell_NotifyIconW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetMalloc
MapWindowPoints
GetMessagePos
SetWindowRgn
RedrawWindow
LoadBitmapW
EnableScrollBar
DestroyMenu
PostQuitMessage
GetForegroundWindow
SetWindowPos
IsWindow
DispatchMessageA
ClientToScreen
WindowFromPoint
DrawIcon
CharUpperBuffW
SetMenuItemInfoW
SetActiveWindow
GetMenuItemID
GetCursorPos
CharLowerBuffW
GetMenuStringW
SendMessageW
EndMenu
SendMessageA
UnregisterClassW
GetClientRect
GetMenuItemInfoW
DefMDIChildProcW
DrawTextW
SetScrollPos
CallNextHookEx
GetSysColor
GetKeyboardState
GetTopWindow
GetWindowTextW
MsgWaitForMultipleObjects
ScrollWindow
GetKeyState
DestroyWindow
DrawEdge
GetParent
UpdateWindow
GetPropW
SetClassLongW
EnumWindows
ShowWindow
DrawFrameControl
SetPropW
EnumDisplayMonitors
PeekMessageW
TranslateMDISysAccel
InsertMenuItemW
SetWindowPlacement
CharUpperW
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
ActivateKeyboardLayout
SetClipboardData
GetIconInfo
SetParent
RegisterClassW
FindWindowExW
IsZoomed
IsWindowVisible
LoadStringW
GetKeyboardLayoutList
DrawMenuBar
IsIconic
GetSubMenu
SetTimer
GetActiveWindow
IsDialogMessageW
FillRect
EnumThreadWindows
MonitorFromPoint
CreateAcceleratorTableW
GetSysColorBrush
IsWindowUnicode
GetClassInfoW
CreateWindowExW
GetWindowLongW
GetUpdateRect
CharNextW
IsChild
IsDialogMessageA
SetFocus
RegisterWindowMessageW
GetMonitorInfoW
BeginPaint
DefWindowProcW
GetScrollPos
CopyIcon
GetKeyboardLayoutNameW
KillTimer
MapVirtualKeyW
GetKeyNameTextW
GetClipboardData
GetClassInfoExW
GetSystemMetrics
SetWindowLongW
SetScrollRange
GetWindowRect
SetCapture
ReleaseCapture
EnumChildWindows
DrawTextExW
GetMessageExtraInfo
CharLowerW
PostMessageW
InvalidateRect
WaitMessage
CreatePopupMenu
ShowCaret
DrawFocusRect
GetClassLongW
GetLastActivePopup
DrawIconEx
SetWindowTextW
GetDCEx
RemovePropW
GetWindowPlacement
GetSystemMenu
ScreenToClient
TrackPopupMenu
GetMenuItemCount
GetMenuState
SetWindowsHookExW
LoadCursorW
LoadIconW
RemoveMenu
GetDC
InsertMenuW
SetForegroundWindow
OpenClipboard
EmptyClipboard
EndPaint
GetScrollBarInfo
ReleaseDC
GetScrollRange
GetScrollInfo
HideCaret
GetKeyboardLayout
FindWindowW
GetCapture
GetDlgCtrlID
MessageBeep
CheckMenuItem
GetWindowThreadProcessId
ShowScrollBar
MessageBoxW
GetMenu
DestroyIcon
UnhookWindowsHookEx
LoadKeyboardLayoutW
MessageBoxA
GetWindowDC
DestroyCursor
AdjustWindowRectEx
MsgWaitForMultipleObjectsEx
DispatchMessageW
RegisterClipboardFormatW
SetScrollInfo
CopyImage
EnableMenuItem
DefFrameProcW
ShowOwnedPopups
GetDesktopWindow
SetCursorPos
SystemParametersInfoW
MonitorFromWindow
FrameRect
SetRect
DeleteMenu
MonitorFromRect
CallWindowProcW
GetClassNameW
CreateIcon
GetCursor
GetFocus
CreateMenu
EnableWindow
CloseClipboard
SetMenu
SetCursor
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
Ord(203)
ClosePrinter
DocumentPropertiesW
EnumPrintersW
OpenPrinterW
OleUninitialize
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoCreateInstance
StringFromCLSID
CoTaskMemFree
OleInitialize
Number of PE resources by type
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_MANIFEST 1
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 31
LITHUANIAN 2
NEUTRAL 1
PE resources
ExifTool file metadata
LegalTrademarks Pony
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.7.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Tightly blind eventually industrial powder
CharacterSet Windows, Latin1
InitializedDataSize 4143972352
FileOS Windows 16-bit
EntryPoint 0x7028
MIMEType application/octet-stream
LegalCopyright Copyright (C) Pony 2008-2013
FileVersion 4.0.0.5
TimeStamp 2015:03:03 03:59:36+01:00
FileType Win32 EXE
PEType PE32
InternalName Combination.exe
ProductVersion 5.0
UninitializedDataSize 0
OSVersion 5.0
OriginalFilename Combination.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Gain complex - www.Pony.com
CodeSize 96768
ProductName Pony
ProductVersionNumber 4.3.0.0
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 1351644f649aacbbf7812aef829c8197
SHA1 d60868841135dd1f0c117320cddd7a53ae8520de
SHA256 d2ae5643aba8cab4f44e5c9f98efe9620b0c4fa4f730db33362fef0731c0d02e
ssdeep 3072:ywDgiQGvKHPEWbCZlV9Ag0FutNB05Sn4+pnOA:jg9GvKH0/9AOtk4nh
authentihash 5d8ecefb5d1ab375eaec9ccee149da1f17ea00726c05fb5d296e10d888ec8de2
imphash 0e9189e0d5e1cc6fd470bd6bd52f749f
File size 161.5 KB (165376 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2015-03-11 18:31:28 UTC (3 years, 3 months ago)
Last submission 2018-01-22 08:30:35 UTC (5 months ago)
File names 1351644F649AACBBF7812AEF829C8197.exe
2015-03-02-Fiesta-EK-malware-payload.exe
d2ae5643aba8cab4f44e5c9f98efe9620b0c4fa4f730db33362fef0731c0d02e.bin
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
TCP connections
UDP communications