MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3850dbdb649a361b3b122d14da53702fcccc1893a64357a8b7cac7063aebd7c7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Pony


Vendor detections: 3



SHA256 hash: 3850dbdb649a361b3b122d14da53702fcccc1893a64357a8b7cac7063aebd7c7
SHA3-384 hash: 9d72cc1781963d763b425f28f741f71576033d0660fd5d605ef422f98ac44a9c85138e909de71391ce71267e2a47cce3
SHA1 hash: f93554fc7d764543249d5a083ed59a36440e3730
MD5 hash: 60c54d3365ecee223a48aa1d705500cf
humanhash: robin-single-monkey-louisiana
File name: 3850dbdb649a361b3b122d14da53702fcccc1893a64357a8b7cac7063aebd7c7
Signature: Pony
File size: 217'088 bytes
First seen: 2020-03-23 18:53:07 UTC
Last seen: 2020-03-24 07:33:26 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 2140e9c60c2b64151d16250f0747f7d8 (1 x Pony)
ssdeep: 3072:LftoY3iyC9e3QT/96eIexSxat/1i4ABtj3X5mAd:CaimQp6exZ/d
Threatray: 128 similar samples on MalwareBazaar
TLSH: 4C249E8E39C86FD2F519E27F5DA68474DA99AC70D883C841638C2AF964E363D57303C6
Reporter: Marco_Ramilli
Tags: exe, Pony

Intelligence


File Origin
# of uploads: 2
# of downloads: 105
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2017-04-11 07:01:00 UTC
File Type: PE (Exe)
Extracted files: 4
AV detection: 34 of 45 (75.56%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Pony
Executable exe 3850dbdb649a361b3b122d14da53702fcccc1893a64357a8b7cac7063aebd7c7 (this sample)

Delivery method: Distributed via web download

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews
ID | Capabilities | Evidence
VB_API | Legacy Visual Basic API used | MSVBVM60.DLL::__vbaSetSystemError, MSVBVM60.DLL::__vbaObjSetAddref, MSVBVM60.DLL::EVENT_SINK_AddRef, MSVBVM60.DLL::__vbaErrorOverflow