MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d4ca2d9c08113fa653ca0f9b2ef9fcbed2c7e045c6155662254a959a19b13c60. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Pony


Vendor detections: 3



SHA256 hash: d4ca2d9c08113fa653ca0f9b2ef9fcbed2c7e045c6155662254a959a19b13c60
SHA3-384 hash: 30c484a74e841872fcd1e28df7bc028cff64946674dc709d9c6eb17d58c23eb8d4d29ce7e2e33cac7fef49cf9568ae44
SHA1 hash: d401ec66a64e3fce80b875a0023a0ae3ea4c0f33
MD5 hash: 0167b1b5a66204c8e8d0bfc73ca75e1d
humanhash: dakota-neptune-grey-mountain
File name: Shipping_Docs.exe
Signature: Pony
File size: 516'096 bytes
First seen: 2020-04-30 07:34:35 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 6c30ce1801dc1c1bfcfa3795668be4b6 (1 x AgentTesla, 1 x Pony)
ssdeep: 12288:CaZh9m22D7RGzagIZ6xDGMVedhEd4kM9PX/01:f/K4zazZ6PVeNDPe
Threatray: 819 similar samples on MalwareBazaar
TLSH: 71B4D1F7E6A4BDE3C43CA838C5D892F95635152D7DC38A8409D8C80D8976CDBEA205BD
Reporter: jarumlus
Tags: Pony

Intelligence


File Origin
# of uploads: 1
# of downloads: 99
Origin country: n/a
Vendor Threat Intelligence

File information


The table below shows additional information about this malware sample such as delivery method and external references.

BLint


The following table provides more information about this file using BLint. BLint is a Binary Linter that checks the security properties and capabilities of executables.

Findings

ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews

ID | Capabilities | Evidence
VB_API | Legacy Visual Basic API used | MSVBVM60.DLL::EVENT_SINK_AddRef

Comments