MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 22573d3cc2aac6f587e8554edb2d33bb0b159e0dc74d0a1b1a521233dfa720ba. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Pony


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 22573d3cc2aac6f587e8554edb2d33bb0b159e0dc74d0a1b1a521233dfa720ba
SHA3-384 hash: 65548ac00e5b77df4c0d687aa00d42d97a3d9cee0681cddf576bc0f25d8dec65702ca9e4f1da077609c855cf0d7b52a1
SHA1 hash: 62ca0f4544553115131bea40817b68b24c8bd9f3
MD5 hash: 9ac7f17303745d46ab2b0220a7ce0d11
humanhash: dakota-artist-black-minnesota
File name:New order inquiry.pdf.exe
Download: download sample
Signature Pony
Create hunting rule
File size:114'688 bytes
First seen:2020-04-08 14:55:04 UTC
Last seen:2020-04-09 04:33:03 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash cf14cac9cac7b65d0f50e7a0a3206e97 (1 x Pony)
ssdeep 1536:JzuWRCTG1uBD/mWWZlCMSmCRxrRh1j5N:tRCTGo7MCMuRttv
Threatray 866 similar samples on MalwareBazaar
TLSH D8B3B466FA88FED0F08048B16E75AEE805E8BD309D543947FAC1376D35B50EA74A4783
Reporter jarumlus
Tags:Pony

Intelligence

File Origin
# of uploads :
4
# of downloads :
108
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.35349.32574.21885.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-04-08 11:21:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 30 (83.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ejlt2pgcvldplb7ikvhnwljtxmfrlhqny5gqugy2kijdhx5hec5a._file
Verdict:
malicious
Label(s):
netwirerc
Create hunting rule
guloader
Create hunting rule
Similar samples:
0c017b57d7f1cbfa01f54deb15b7f04b8923acd4585435050589b1762856247e
Pony
460aa0fd440b1acb5aa90b5667d4c387494f6622014e5d4115b1e3b6b080c5c0
Pony
4d0dfe01c27dfd2c35464a3f435cfb4cad6e996d6fc407cc8f10fc0b3d0692fe
Pony
4fb3528f5fc1a30b03cf69920e1db68cd4943c1c303a09cac0723a10abfcc378
Pony
a07051295b50dfe762f42e922f6815e4554ae1b392da5810b88893cb91ac3b7e
Pony
a1eec13238d8aeff47e2544402482dae53aed3617e73a5e757746db56cc3f353
Pony
c76654971c4af60511d3583a3bd00c673904569aa93973687e14e95b9e80de6f
Pony
d3aa9fd1ed4af3cc3a49e612b93a03f799ada340c1c086f7403448fe77115bb1
Pony
e7cf4a0d3f94afea480bf5e64a658029d02191330244697ba9afd81dd5b56386
Pony
ecbbdea89347df30a9575353b8886499a88d30f5606f60c922c62e4a56637c74
Pony
+ 856 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Pony

Executable exe 22573d3cc2aac6f587e8554edb2d33bb0b159e0dc74d0a1b1a521233dfa720ba

(this sample)

Pony

Executable exe e400fef46e21fbd7191240230a5fab9326de9baf0fbebfef8883e5c2662862a1

  
Dropping
SHA256 e400fef46e21fbd7191240230a5fab9326de9baf0fbebfef8883e5c2662862a1
  
Dropping
MD5 7181014e10639594927fd8bb463b9385

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments