Analysis Date: 2015-01-21 22:58:26
MD5: 7a704317f540c08759f3feb1c9f61c9e
SHA1: 3f3fbe898c2be6e0e09dde9001bf6183fc9d96a4

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
AV 360 Safe: no_virus
AV Ad-Aware: Trojan.Encpk.Gen.4
AV Alwil (avast): VB-AHEF [Trj]
AV Arcabit (arcavir): Trojan.Encpk.Gen.4
AV Authentium: W32/Trojan.HUWU-7845
AV Avira (antivir): TR/VB.Inject.279189
AV BullGuard: Trojan.Encpk.Gen.4
AV CA (E-Trust Ino): Win32/Inject.bSUCdQC
AV CAT (quickheal): Trojan.VbInject.LD3
AV ClamAV: no_virus
AV Dr. Web: Trojan.PWS.Panda.2401
AV Emsisoft: Trojan.Encpk.Gen.4
AV Eset (nod32): Win32/Injector.ASPZ
AV Fortinet: W32/Injector.ATCM!tr
AV Frisk (f-prot): no_virus
AV F-Secure: Trojan.Encpk.Gen.4
AV Grisoft (avg): Inject2.IJI
AV Ikarus: Trojan-Spy.Zbot
AV K7: Trojan ( 0048ffad1 )
AV Kaspersky: Trojan-PSW.Win32.Fareit.amnp
AV MalwareBytes: Trojan.Crypt.NKN
AV Mcafee: PWS-Zbot.gen.oj
AV Microsoft Security Essentials: VirTool:Win32/VBInject.gen!LD
AV MicroWorld (escan): Trojan.Encpk.Gen.4
AV Rising: no_virus
AV Sophos: Troj/Agent-ADBJ
AV Symantec: Trojan.Zbot
AV Trend Micro: TSPY_ZBOT.SMUL
AV VirusBlokAda (vba32): TrojanPSW.Fareit

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates Process: C:\malware.exe

Process
↳ C:\malware.exe

Creates File: PIPE\lsarpc
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\ca8e_appcompat.txt
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temp\ca8e_appcompat.txt
Creates Process: C:\WINDOWS\system32\drwtsn32 -p 984 -e 152 -g

Process
↳ C:\WINDOWS\system32\drwtsn32 -p 984 -e 152 -g
Note: drwtsn32 is the Windows Dr. Watson post-mortem debugger, which the system launches when a process faults; its appearance here, together with the transient appcompat.txt file and the empty Network Details section, suggests the sample crashed in this sandbox run, so the runtime activity recorded above reflects crash handling rather than the payload's own behaviour.

Network Details:


Raw Pcap

Strings

040904B0
2.03
?!4,::74%9>(4(%
*\AD:\44f98z4e9f8z4e9f\uygyfuyf.vbp
@-c.exe
CompanyName
dd/MM/yyyy
e651A8940-87C5-11d1-8BE3-0000F8754DA1
F9KyGim
FileVersion
frietampnhhglucas
hytgfredcv
InternalName
Kitten
Kitten.exe
N3fBmxUu
o2r9rKY
 or da
OriginalFilename
ProductName
ProductVersion
StringFileInfo
/t2\>]
Translation
ujhytgfvbng
uZNOjp
VarFileInfo
VS_VERSION_INFO
vuZntzDZa
Wxu8BbY
WzWj8vT
Z@Ej~
"((((((((
&0--*((((
04M`Go
 0jn@WO
`0.K0k
0m)*r2
><0"[n
0<tJT>
~/0V>f}
;0%	w7sr
1A}(7	
}{]1ii
;1O})s
1tgltgh
&1Xven
(1*'y}
(2a"g]
2LO~G%L:
=2T(jI
2z 0!$
-2Z>9r
'3,5)(
3a>ss%
`.3-(_b
3'F ()K
3Ht.\L
3nJO0e`A
3Tk*qT
(3W"0o7
3x0j=y
3zLC&db
$[4e!8:
4FVGh{
4V!Wa 
&4xL6<
5'(1nH
}!5+%6
]5:7&K?w
5'_fhb
5Ke\nA
5<LP_&
+6666321-
66+ynX
!"6v>]
6yjyX.
71rEpJ
79!zC*.TP
7hzhVYb
7i!Ghw
}>,?7mw	Z
7|(uEl6
7%_=UWyy
7*wy?q.
7xX*^]%
86|ZS%
/88888886%
@8	-Ak
8B%VIP
_>8b!Z$
8.	c&0
8'(,d-Z
8?E!It
'8gkz}
=8JRp<
8'K&$/
`	 ?8u
9$4roWI
9$]-fy
]9	I_g
9'LvqS
:9t1AcPh
9T$:!M5
>9}y>A
9?Z0	4
A7:yBz
![[_Aa
ae}`a~r/6#@
A;*F}>
'A^GMm
|akQU_
	AK[rt
AllowAddNew
AllowArrows
AllowDelete
AllowUpdate
ao-9w[
Appearance
(aQzt{89
{aU@[/!
#AZ@wWt
b~?]1}
B`7G`M
BackColor
B!=Bw1
b.BxnnmT
b	C.FST
bEcqpr
bEi&a]
;BET)}
bIR13.W
B&KE|	,9l$
BkK3I2TOE
BOeF,S
BorderStyle
BO T|!
~b;Ski
BVRRcf/}
^/@-"<"c
]c1#tM3 ]T
C3$bNs
C>6Pk=yto
@cB0)gc
CDa^==
,Cd"~p
cdv-p{	n
c:JX'fA;
CloseHandle
cmbField
cmbOperator
ColumnHeaders
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
C:\Program Files (x86)\Microsoft Visual Studio\VB98\vbc22608.oca
`C:\Program Files (x86)\Microsoft Visual Studio\VB98\vbc29208.oca
c#rBh&
CreateFileW
CtxtParentDate
c\vpur
~c]+[Y
C-Y"AFg
Cz*Cy_
d1"Jb4
(D'6HUw/n
";'D/8
?d*A:0
`.data
DataFormats
DataGrid
DataGrid1
DataMember
DataSource
DefColWidth
DefWindowProcA
[}+DfnA
DllFunctionCall
D*M(]}t`QH
[d--.P
d|].tc
DTPicker
DT%!qp|k
},D=")x ofq
dza)6{1-
/}D,[zG
d]zS5& 
E2ZQU,
E35AHe
EA*"a8
%(EAB2
~e+[{B
=ebDc/G
e[bYW6
e#"_DH
EhW{A-
E[Jsi_Y
+ERRty
EVENT_SINK_AddRef
EVENT_SINK_QueryInterface
EVENT_SINK_Release
&eZ|d*d#
|&ezD!L
F4<`R,
F5R6yC-;
>FA>Q4dC
;f"DT9
fF>fC	
(FHY9t
Field :
"F>.j.=
fJCaZ<
fk	4ws
=FLw[#
&fneV9
ForeColor
*Form2
_F)=oZX+6
=fqj^o
Frame1
frameDatagrid
FreeLibrary
frietampnhhglucas
frietampnhhglucas484658516643434mp7frietampnhhglucas
 $F@`S6,
fU{{N'
fx-uz%
}f&zC]QZ
g2MCEkC7
*&G]2N=
g9k{SMkU(
gA)A!s
>g}\D~
}ge2p{' 
^gepml:/;NGn
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
-G|G?] 
G'Ir6D
gj`9o-L
G!|#{pTU
GUDYD	
}GVe%4u
@gXGCq
G.XPbZ
Gx{s?N"
GZbS.Z
Hb'n3]z
-H&c'R<
HGD4kk
HHd94YAJ}
hHP(72
hSoGx2
_=hU||
hUjvtU"
hvFgT[
h:['vr 
?-hvy>-
[H=/w$E
HY	A-oI
[hzF4'>
i-_)7]
[I8lhP
i hLvc
ilbalwaysthebes
IN@zMZ
it^^;W
IZ$`-x
JAj}aAb
jajalo
JaJ%{K
j\e:@cM
je,O"S
jf(&eu\YP
>J$JL,l
,jNcRZ
JR]`gS>
J^>^~TZ
?[=JVD
J	VG%u_
Jw)0-Lc
(j?zKH
k3da7VB
:{k6JR}
K6w6'qa
K/{|A[
KE82}K
kernel32
kernel32.dll
kernel32.DLL
k<f`&e,
k:F'&@ZU
k~gfo:
.K;GU".?*
Kitten
>*kJY4O
KL3M.5
kL,X	Z
*.>k-'p
KPzhg)SW
kv"2yM0
kZWdTR
;-,>,l-
	_/l:*
L45\F%
L!|!84
la:{3x
Label1
LCOQvM^}
"Lf<v:
LoadLibraryW
 L;q#!
\LQ/sd^
l'.u=3
LuHxJ7
m04.g/f
+-[M4Q
#M523_
MAPO8c
MethCallEngine
m!mI7Zi
Mn}bZj
Mq88'7
MSCOMCT2.OCX
MSComCtl2
MSComCtl2.DTPicker
MSDataGridLib
MSDataGridLib.DataGrid
MSDATGRD.OCX
MS Sans Serif
MSVBVM60.DLL
*M#wcGo
M=x`Q>
:n7M,t0Vh
>n/cad
nI2aiC
n>jAB>
	Nk?<d
"n`	LF
nMdgj=
N}Q?>q
N%!qZy
nUF[mM
%{"{O]
 O__I;
OiMu#P
OkE(=`
oLU2xObbc
?O)nXZT
OpenProcess
>opy$d$
$oQ?n|
ouiouiou
O)w|9 
o=WFuL+.h
+P2Iw~
P6v8/;
P:C,^9
p |,gl}
\pjvb-Q
p\"L3S}
pMCunB
^PP>}K
pRN(M0
ProcCallEngine
Process32First
Process32Next
 Pv"#+
pVDEOs
PWo*'5)s
*q5)<y
@q96	dL_b#
q#AN:	*\iF
__QfS#rk
&Q!jx%"
.qO00-5q
qS7i)w4Oq
qT"";LA
*Q.Z\{
R59*al
,'r,DG
ReadFile
RE?,np
R/.EZE[
RightToLeft
.rNXoi
ro/S]gg
rpA}VtG\
R"px1+
&!=.Rs<&
RtlMoveMemory
RxB82H
r(Yn5T
s%=5f\
S5q0`2
.sdIEH
si4eAy}
}SMS	CF
SMu'@\
sN/,r@
S	od\OBQ
;s),OX
!+srh/
SystemParametersInfoA
%S@Z%oyQ1
s)}ZP6
{~<;T+
,`"T0p
T^2p(R
T7`U-^
TabAcrossSplits
TabAction
tC(n=x
T{Ei'v@
TerminateProcess
t*FC@Z
!This program cannot be run in DOS mode.
T'	Jvs
`tj(#Zo7
T|kTXKy
%t`$<R
TT#K#Z
TU4ibx
txAQEC/k}
txtParentDate
txtSearchValue
txtStr
:>-}Ty
TY1YCD
U.-0u}.
U/3"__
UbI*'I
uF	5-9
uijrfed
UK]L6C
?U+L; Z
Uouv+hj;
	u-q`2!
{!"Uq|`H
U~:rB5v3
US!5{*
user32.dll
,UtS!F
UvXBNg
U+xj1e
<*U)]y
U"+#(Y
uyhjtredc
,uZQKM
Value :
Vb,3FD
VBA6.DLL
__vbaExceptHandler
V'b}r|~/!
Vdjn:,E
V?e-V}
vF)fMH
Vfrietampnhhglucas
vN4jY2
VRqj9*e
Vt+"{<9n
;{VU=p
V!<vIH
#W0R[a
;W2{=v
W|B3F.
Wbe=k4o
w`B]ng
(wH2~OF
- whV&m
w}(Q$4
WrapCellPointer
WriteProcessMemory
=W sqFJ
*:w$UE#zQ
WV"Cj	.
wV~Mb$k
<-wW]p
wwwwww
w%X axa
+x?|0<
x0QDx<{(
*xa]so
xCvK&6.X
'X;]]~e
x"GSQ$}
&xhHF<
|XIBu-
xI"O)}
.xJJFdw
xlg}dND
^xm{x8^
XOV<uw
x\|rGn
.XtU)c
x@Un@_
)xyrpL464
XY)[$Sa
Y1Rv&,
y71!%CI
Y9}2$dL
 yfVT:n
YQzl	[R
yS2,A)
Y)-(u"
=z1A9<
z1eXV.$/	&
|^z1sgg
z	3,Mk
}ZB+Dr
z[~bmZ
%ZG~C	
zjgd_R\:
Zn,~H	
]Zt32^
Z_u.}9D
ZxBXE^