Analysis Date: 2015-05-11 22:51:42
MD5: 81a83a94eb72ac388bcdbeb8470b87fb
SHA1: 3e43512e25707f080aa55d2f273854ac5b1ab55d

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 4c73ea720d631fa296d081365fc5bded sha1: 483914ad9e9d59f127c649e6ac1f238addff3eff size: 36864
Section: .data md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section: .rsrc md5: d7acf83a5c69313863dfde4229077c83 sha1: 828f3606c8fa0b8793e56f45fad6e54614b8ec3d size: 9216
Timestamp: 2012-03-30 19:11:21
Version:
LegalCopyright: Copyright (C) 2010 by FastStone Soft
InternalName:
FileVersion: 6.7.0.1
CompanyName: FastStone Soft
LegalTrademarks:
ProductName: FastStone Capture
ProductVersion: 6.7.0.1
FileDescription: FastStone Capture
OriginalFilename:
PEhash: a0079c1c4e93e3f89c3ceb661f1b63930680e276
IMPhash: bb00b3623de1b2984e4aac72266ab8ff
AV Ad-Aware: Trojan.Generic.13185930
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Arcabit (arcavir): Trojan.Generic.13185930
AV Authentium: no_virus
AV Avira (antivir): BDS/Bifrose.OB
AV BitDefender: Trojan.Generic.13185930
AV BullGuard: Trojan.Generic.13185930
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): Trojan.VB.r3
AV ClamAV: no_virus
AV Dr. Web: Trojan.MulDrop5.52222
AV Emsisoft: Trojan.Generic.13185930
AV Eset (nod32): Win32/Injector.BYVN
AV Fortinet: W32/VBKrypt.VFUG!tr
AV Frisk (f-prot): no_virus
AV F-Secure: Trojan.Generic.13185930
AV Grisoft (avg): Dropper.Generic9.ABXQ
AV Ikarus: Virus.Win32.VBInject
AV K7: Riskware ( 0040eff71 )
AV Kaspersky: Trojan.Win32.VBKrypt.vfug
AV MalwareBytes: Trojan.Inject
AV Mcafee: RDN/Generic.dx!dql
AV Microsoft Security Essentials: VirTool:Win32/VBInject.gen!FK
AV MicroWorld (escan): Trojan.Generic.13185930
AV Padvish: no_virus
AV Rising: no_virus
AV Sophos: no_virus
AV Symantec: no_virus
AV Trend Micro: no_virus
AV Twister: no_virus
AV VirusBlokAda (vba32): TScope.Trojan.VB

Runtime Details:

Process
↳ C:\malware.exe

Network Details:


Strings