pong.exe

Nigers

DVDVideoSoft Ltd.

The executable pong.exe has been detected as malware by 8 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from ehub46.webhostinghub.com.
Publisher:
DVDVideoSoft Ltd.

Product:
Nigers

Description:
Gemze2

Version:
1.00

MD5:
9ea096c6a3ad70d8893242fe7518df8f

SHA-1:
92e799d6dd75a60693afeb72026a8b0aed6aedd8

SHA-256:
fa10de22444abbd6e5750f9e054be33ecfbdf56086be2c3509ae2fd3f18ca469

Scanner detections:
8 / 68

Status:
Malware

Analysis date:
6/21/2025 1:10:24 AM UTC

Scan engine | Detection | Engine version
avast! | Win32:Malware-gen | 160518-2
Emsisoft Anti-Malware | Trojan.Generic.16145915 | 9.0.0.4157
ESET NOD32 | Win32/Injector.CUKB trojan | 8.0.319.0
F-Secure | Trojan.Generic.16145915 | 5.15.96
McAfee | Trojan.Fareit-FEL!9EA096C6A3AD | 18.0.204.0
Microsoft Security Essentials | Threat.Undefined | 1.221.397.0
Norman | Trojan.Generic.16145915 | 19.05.2016 05:17:13

File size:
224 KB (229,376 bytes)

Product version:
1.00

Original file name:
Yochmowitz5.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese

Common path:
C:\users\{user}\downloads\pong.exe

File PE Metadata
Compilation timestamp:
3/13/2016 9:45:37 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:c8/+flR0b8TMMQSZg3shVyw2G18FuKcjiDXJBF+MSAw5HPHrj:G0bSMMQm6sryw268FuKbXJud5v

Entry address:
0x1408

Entry point:
68, 30, 02, 43, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, DE, 04, B3, 65, 30, 4E, 2E, 48, 88, D7, 7A, 26, 55, D2, 13, DA, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 48, 00, 06, 40, 83, 01, 49, 63, 65, 66, 69, 73, 68, 00, 00, 00, 00, 00, FF, CC, 31, 00, 02, 65, 02, 63, 25, 89, 2A, D0, 48, A3, 82, BD, F8, 62, 37, 72, F1, EC, E3, 60, A4, 9B, 7E, 45, 4C, 9F, D1, 6B, A2, 7B, 9D, 5A, D9, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00, AA, 00, 60, D3, 93, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
212 KB (217,088 bytes)

The file pong.exe has been seen being distributed by the following URL.
