MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b3aac3c1fed205d6c1e36f80475cdb4b243f6fb7b2d275f360867aa6dcec5fe8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Pony


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b3aac3c1fed205d6c1e36f80475cdb4b243f6fb7b2d275f360867aa6dcec5fe8
SHA3-384 hash: 086a244431732bd3c519420a6dd10e1563aad745eccf706fbcd72255ea36b7ba48227219129a8c26f26504849ab81166
SHA1 hash: f46a756d3db6b63f0de316e7b676ecc8e67b741d
MD5 hash: 320cb1a1e35dc596aaa4a0c5f146657c
humanhash: two-fish-charlie-rugby
File name:b3aac3c1fed205d6c1e36f80475cdb4b243f6fb7b2d275f360867aa6dcec5fe8
Download: download sample
Signature Pony
Create hunting rule
File size:221'184 bytes
First seen:2020-03-23 18:47:41 UTC
Last seen:2020-03-24 07:34:00 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 0ab484d3a36e166a3887870068db9e11 (1 x Pony)
ssdeep 3072:dwOTLLMleKCKsnL/Nm3jTDl6RWaz6mLtUCMw0:dZnLILChz26RfPBUCM
Threatray 126 similar samples on MalwareBazaar
TLSH E024BE7B0B6A6A6FF5574B3EFDB88160730A4756001EED62C62AF5090E72C0172CDB5E
Reporter Marco_Ramilli
Tags:exe Pony

Intelligence

File Origin
# of uploads :
2
# of downloads :
103
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Atros5.AJDU.22214.956.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2017-04-07 01:01:00 UTC
File Type:
PE (Exe)
Extracted files:
4
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
pony
Create hunting rule
Similar samples:
23e3757121ff1a0c053d2dc66651ad8e2152373724a8091c56a7fae203401cab
Pony
40bcf1b92cac08e72eb025659bb892a41926ebd655f448ff5544ece312986987
Pony
49f23a6aa07ad1617e09d06680a7e2544ba8daa9295285405b7c82ab96b8a335
Pony
80b9257f924aef8ac5a1a724234ddcd6b67bee79819202bb7b5d4586b35164c7
Pony
82c531ee47fd52c78ed90b259be7908208ae6657a75643fce70df85eb0cd64a3
Pony
90039768c0de73c07a511aa6eb560df1e33f41bbe3b6753ddbcf6ffc07711169
Pony
98adccc8a599f53904c5cd22c7398d6b692c642807cab71f1ab6d2dc65e1c5a5
Pony
b2d579828599ae4e265f77899466dc005e7685b50dcbf6817388ea22d404ab2c
Pony
c83d6e6989b8e850ca5f411c67bcbfff8dff55d6d1348dc8961227a5eac92c8a
Pony
fe966a744b83daaecb2b4b01adc7204e42d3f98955e142e78d7a948709185d27
Pony
+ 116 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Pony

Executable exe b3aac3c1fed205d6c1e36f80475cdb4b243f6fb7b2d275f360867aa6dcec5fe8

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/250602/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaSetSystemError
MSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef

Comments