Pony.Spyware.Stealer.DDS removal guide

The Pony.Spyware.Stealer.DDS is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the TRIAL period.
6-day free trial available.

What can the Pony.Spyware.Stealer.DDS virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • Executable file is packed/obfuscated with MPRESS
  • Authenticode signature is invalid
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

How to identify Pony.Spyware.Stealer.DDS?

File Info:

name: 9EAA7F7DDA638A743944.mlw
path: /opt/CAPEv2/storage/binaries/67e1d5bab7580fc23fe605d1aa4a3b2901b2cd3dee50dc86cbf9f652c9c143a5
crc32: F5A7FA27
md5: 9eaa7f7dda638a743944c746edd6ebc0
sha1: 598fe6569907e3e5c6ebc46f53db818d3062f34f
sha256: 67e1d5bab7580fc23fe605d1aa4a3b2901b2cd3dee50dc86cbf9f652c9c143a5
sha512: 2d5acc7c7943ec5e3e8789d75b093cc7f11c21cfeff4a1b4b5c667d6ac62f8c250e8297ae9663f40ee8054007cd4340b162d064e60d7e788a5590605d221ddde
ssdeep: 1536:DxDDnd1RaqOjsdSCMzZoZxxK4yjY9Xubd:DxDDd/VOjInMz8e
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T143C35138AAE55532D3B7CBB585F651C2BD35B9223E11984E41DA03490C23F92EDB1F2E
sha3_384: 7585ebe91a5397d886cec66c728221f8cd2f3cee05cea01d9570c645682208d861ebfafd45bfe0ff86a74406ff3d89ff
ep_bytes: e8db130000e989feffff8bff558bec8b
timestamp: 2013-08-27 16:13:37

Version Info:

0: [No Data]

Pony.Spyware.Stealer.DDS also known as:

  • Bkav: W32.AIDetect.malware1
  • tehtris: Generic.Malware
  • MicroWorld-eScan: Trojan.Downloader.JQAP
  • FireEye: Generic.mg.9eaa7f7dda638a74
  • McAfee: PWSZbot-FEV!9EAA7F7DDA63
  • Cylance: Unsafe
  • Zillya: Trojan.Kryptik.Win32.1838296
  • Sangfor: Trojan.Win32.Save.a
  • K7AntiVirus: Trojan ( 0052964f1 )
  • K7GW: Trojan ( 0052964f1 )
  • CrowdStrike: win/malicious_confidence_90% (D)
  • BitDefenderTheta: Gen:NN.ZexaF.34682.hmZ@aGarcZak
  • Cyren: W32/Upatre.IJ.gen!Eldorado
  • Symantec: SMG.Heur!gen
  • Elastic: malicious (high confidence)
  • ESET-NOD32: a variant of Win32/Kryptik.BIYN
  • Baidu: Win32.Trojan-Spy.Zbot.a
  • ClamAV: Win.Dropper.Tinba-9943147-2
  • Kaspersky: HEUR:Trojan.Win32.Generic
  • BitDefender: Trojan.Downloader.JQAP
  • NANO-Antivirus: Trojan.Win32.DownLoad3.cjdyni
  • Cynet: Malicious (score: 100)
  • Avast: Win32:Malware-gen
  • Tencent: Trojan.Win32.Delf.pa
  • Ad-Aware: Trojan.Downloader.JQAP
  • Sophos: ML/PE-A
  • Comodo: TrojWare.Win32.TrojanDownloader.Small.PR@5276zr
  • DrWeb: Trojan.DownLoad3.28161
  • VIPRE: Trojan.Downloader.JQAP
  • McAfee-GW-Edition: BehavesLike.Win32.PWSZbot.ct
  • SentinelOne: Static AI – Malicious PE
  • Trapmine: malicious.high.ml.score
  • Emsisoft: Trojan.Downloader.JQAP (B)
  • APEX: Malicious
  • Jiangmin: Trojan/Buzus.bnwn
  • Avira: TR/Dropper.Gen
  • MAX: malware (ai score=83)
  • Antiy-AVL: Trojan/Generic.ASBOL.C6E4
  • Microsoft: Trojan:Win32/Fareit.RPL!MTB
  • ViRobot: Trojan.Win32.Upatre.51256
  • GData: Win32.Trojan-Downloader.Upatre.BJ
  • Google: Detected
  • AhnLab-V3: Trojan/Win32.Upatre.R284255
  • VBA32: Trojan.Fareit.2883
  • ALYac: Trojan.Downloader.JQAP
  • Malwarebytes: Pony.Spyware.Stealer.DDS
  • Rising: Downloader.Waski!1.A489 (CLASSIC)
  • Yandex: Trojan.GenAsa!dUSBw1EZjpA
  • Ikarus: Worm.Win32.Vercuser
  • Fortinet: W32/Kryptik.BIYN!tr
  • AVG: Win32:Malware-gen
  • Cybereason: malicious.dda638
  • Panda: Trj/Genetic.gen

How to remove Pony.Spyware.Stealer.DDS?

Pony.Spyware.Stealer.DDS removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.