home

mipony.exe

InstallVibes

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application mipony.exe by InstallVibes has been detected as adware by 17 anti-malware scanners. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from direct.download-free-videos.com.
Publisher:
InstallVibes  (signed and verified)

MD5:
38a768e4d44cad9cc6285998d97c400d

SHA-1:
4318ef89fb2787d6fbf82c88a65bd72316af63cb

SHA-256:
fd5afe2ac0186bb0255e4fb187796c01080d9680c02771eba5a7aeb2dc523d05

Scanner detections:
17 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
12/26/2024 11:24:30 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

AhnLab V3 Security
Trojan/Win32.Zbot
2015.02.02

Avira AntiVirus
TR/Dropper.Gen
7.11.30.172

avast!
Win32:Adware-CEX [Adw]
150101-1

AVG
Bundlo
2016.0.3211

Comodo Security
Application.Win32.Bundlore.H
20932

Dr.Web
Adware.Downware.4744
9.0.1.05190

ESET NOD32
Win32/Bundlore.H potentially unwanted application
7.0.302.0

F-Prot
W32/Dropper.gen8
4.6.5.141

K7 AntiVirus
Trojan
13.193.14825

Malwarebytes
PUP.Optional.InstallCore
v2015.02.02.04

McAfee
Program.PUP-FKW
16.8.708.2

NANO AntiVirus
Riskware.Win32.Downware.ddpjxj
0.30.0.65070

Norman
Gen:Variant.Adware.Graftor.145438
02.01.2015 13:58:24

Reason Heuristics
PUP.Yontoo
15.2.2.4

Sophos
PUA 'Bundlore'
5.09

VIPRE Antivirus
Threat.4150696
36694

File size:
263.2 KB (269,544 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\mipony.exe

Digital Signature
Signed by:
InstallVibes

Authority:
COMODO CA Limited

Valid from:
3/20/2014 2:00:00 AM

Valid to:
3/20/2016 1:59:59 AM

Subject:
CN=InstallVibes, O=InstallVibes, STREET=Ehad Haam 21 St., L=Tel Aviv, S=Israel, PostalCode=6515103, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F29201EBC1EAD2B751F2854AD68C6244

File PE Metadata
Compilation timestamp:
6/12/2014 7:47:02 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
3072:mZyq5vrBKnH8Wu8Cl4UgWLAqpsSWLQcstOihD6f0xnYyRGiQzQJR4HQVZLH+9S:mZyMeM8JKAyaj9Sw0xHwiU4R4QKS

Entry address:
0x28F2

Entry point:
E8, 98, 34, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 18, 6B, 41, 00, E8, 38, 25, 00, 00, E8, 69, 36, 00, 00, 0F, B7, F0, 6A, 02, E8, 2B, 34, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, EA, 2B, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Entropy:
7.2520

Code size:
62.5 KB (64,000 bytes)

The file mipony.exe has been seen being distributed by the following URL.

http://direct.download-free-videos.com/lp/f357b5f0/mipony.php?AppName=Mipony&DownloadUrl=http://download.mipony.net/downloads/MiPony-Installer-Silent.exe&SilentParams=/S&eulaLink=http://mipony.net/en/MiPonyLicense.txt&ppLink=http://mipony.net/en/privacy.php&BannerImage=http://download.cdnurl.com/.../mipony-skin.gif&LicensePageSubTitle=Advanced download manager&hash=f62acc04f15ae1d68af7bc30076b06d42db1013d8a66c348292d30c940b625ed

Remove mipony.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.