MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6168fd7705599e810cba4c0954acb5cdfa8e03ae92ed679a9e538a09da08a7de. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Pony


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6168fd7705599e810cba4c0954acb5cdfa8e03ae92ed679a9e538a09da08a7de
SHA3-384 hash: c06a585c287f5db3b01733bd6bdbc429862edd1c2ffc6db8c2f561b19ebe70a82861d7009000324d9c879c2c2e08c100
SHA1 hash: 3c66d47dd594dde2e46909b9768d75341b8ce3eb
MD5 hash: 2f84c0e1ddbe4829876ca1e2ae0404de
humanhash: saturn-kitten-hawaii-uncle
File name:infodayclubhai.com__pama.exe
Download: download sample
Signature Pony
Create hunting rule
File size:663'552 bytes
First seen:2020-03-18 18:13:35 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 6cc0f733ec32ba2c8d01dc6d055a7406 (1 x Pony)
ssdeep 12288:q44swrrk9ZCZUELmy+WJoTMxh+LdTmtV1DX9UQiO7:T4swfk9ZCZUELmy+WJkMx4LdTmtV1DXV
Threatray 124 similar samples on MalwareBazaar
TLSH A5E45CA0168F667FDE2B09B3B205872792B4BE65E6CCB2F026C5B35717FE7579410202
Reporter ov3rflow1
Tags:exe Pony

Intelligence

File Origin
# of uploads :
1
# of downloads :
106
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Gamarue-7088569-0
Create hunting rule

Win.Trojan.Fareit-7101834-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2018-04-10 18:10:46 UTC
File Type:
PE (Exe)
Extracted files:
10
AV detection:
30 of 31 (96.77%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
pony
Create hunting rule
Similar samples:
5e57e98ff9180e08404e1ddaf29e274ab4df1149b2cbfbdf3422ae460afbafac
Pony
78c42daa9bd978e2e2ca039a54f167f5090681124f402fa9c9bd69a2dd23bc26
Pony
82d310e5014a5e7ff2f70ff4c015ae1560963ef6cde9a802228d13f3ab52ede6
Pony
9026e9b714998846a26087ed7f5a276b1399204a1e34d469571a7301ce720931
Pony
9d6db09dd795c7571aa27604483c0875da0c2a8b1501e6c4d34093b38da06ea2
Pony
a8af98897cc2adfa6868c15ad536d7359f749ff3bb8cf9be11c7e45d437dc37f
Pony
aba89c003bab6d64d5f68c470122707e3ee14d220931315d39b8f4d04135c56f
Pony
d9f43f0b6e44588cc526f36493bbbec4b49da176395e4a55ff9373d573593077
Pony
da6a5a35ad94ccafa9da5cf5579033e0df382f567eed47793141ed511c8f2920
Pony
f79be9655ab5fa236f5b81bc4af8538e91e4dbb3f6ee25d14891c6bec26681ae
Pony
+ 114 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6168fd7705599e810cba4c0954acb5cdfa8e03ae92ed679a9e538a09da08a7de

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
  
URLhaus
https://urlhaus.abuse.ch/url/4292/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaSetSystemError
MSVBVM60.DLL::EVENT_SINK_AddRef

Comments