Analysis Date: 2013-12-28 04:40:31
MD5: 0d1d592f232ced109e8fbf548df2378f
SHA1: 51fe3548090c4d7f9d9b58ec0d9bee175f5b943e

Static Details:

PEhash: 323ba71bc6adffd8683dddc499a3efea8cb77651
AV (avg): Generic35.AMSE
AV (avira): TR/VB.Inject.kqrwa
AV (msse): PWS:Win32/Zbot

Runtime Details:


Process
↳ C:\malware.exe

Network Details:



Strings
_]<\\
@@,<
040904B0
-=09
/-,2
@@"4
5.00.0454
*\AD:\ytftfytfytfy\REeB.vbp
asecfrgvtfd
B.hHyRTV`H
#C6\.U1R5Q;R'Y*
c8wt
@cal\Mi
CompanyName
dfPxIb
Dino1
Dino1.exe
e651A8940-87C5-11d1-8BE3-0000F8754DA1
FileVersion
InternalName
@l\Micr
mpolkiujhy
 or da
OriginalFilename
ProductName
ProductVersion
StringFileInfo
(}%:&tDF
Translation
VarFileInfo
'V+D(
VS_VERSION_INFO
WUBHxFyvs5
xfqwXtI2D3
YU,~X$Ux
|||____
0.<DTGX
1gTwN!#
1_{r;H^
2SmC0f
2yI#bY
"328C=
33Qq#F
3:5("	
:3i_R`
4	hn#U
5$h]RB
]5I4Z=
5WNL3R
6FX:H?
6WX!3&
[}#7Ta_
"?<;8"
";81q 
.8bLC$
8N:5(	
8y(mb=
@9cwmh
_9!J:	N
9SN:5	
AllowAddNew
AllowArrows
AllowDelete
AllowUpdate
Appearance
astllesbwaybeih
/At- #
ATXxi2
BackColor
bbd]Km
bd W>bXbJ
BorderStyle
>,B]R6
b<@RO]
bYWTTPLI<<Ic
cLj.VUbR
CloseHandle
cmbField
cmbOperator
ColumnHeaders
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
C:\Program Files (x86)\Microsoft Visual Studio\VB98\vbc22608.oca
`C:\Program Files (x86)\Microsoft Visual Studio\VB98\vbc29208.oca
CreateFileW
CtxtParentDate
C%x|	X]
>+D0`m(
`.data
DataFormats
DataGrid
DataGrid1
DataMember
DataSource
DefColWidth
DefWindowProcA
DllFunctionCall
dSJvYi
DTPicker
du4:fc
DvvlAq
E^0MXaa
}Eg^y"
E-?u}]
EVENT_SINK_AddRef
EVENT_SINK_QueryInterface
EVENT_SINK_Release
FeC=hC
FIcUsh#
Field :
fj\>SV
ForeColor
Frame1
frameDatagrid
FreeLibrary
FS%X4li
fUYpcd
G`bXei
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
gK,Hm]g
:gQ4m6
)gv?$D	WW
h|5&~m
|||_hhh
HJS4.	XE
Ho<3c8
_)=HOz
h?*x\`
i| /ed
|iflM&
IjogIt+
iP.LY|
itwf;h
$J;cdv
JE=\.IH
jnhytgbvf
-j:Pk/
jq(cO{
jufv:NyO
kernel32
kernel32.dll
kernel32.DLL
]]]?KKK?KKK?[qu?v
!KM[Wi
kt-UL.'{
K~z?}4
Label1
LoadLibraryW
Ls,c{s
M9eWuQ
-[`MaG
mpilui
MSCOMCT2.OCX
MSComCtl2
MSComCtl2.DTPicker
MSDataGridLib
MSDataGridLib.DataGrid
MSDATGRD.OCX
MS Sans Serif
MSVBVM60.DLL
mvDME;
MxWcqI
NeSatbdWrk
NeSatbdWrk*5#
NeSatbdWrkftukdfg56789NeSatbdWrkQ_f
>.n<UFd
 %\nu.!L}
N*X;$J
,NZdMT
oECaddn y0vx
=Of|YA
ojalja
OpenProcess
ouiouiou
p`F-Hb
ProcCallEngine
Process32First
Process32Next
PropertyPage
PropertyPage1
pr`UmmXk
P}TKO%?}
<Qaz3a
:qI<c^!
'R1d}'`[
ReadFile
rH{Y&z
RightToLeft
R%kM]i
rOy'`=
RQSl{+
RtlMoveMemory
?RUXg%
=SeIH\
SystemParametersInfoA
TabAcrossSplits
TabAction
%TAQ;j
T.;d<Ba
TerminateProcess
!This program cannot be run in DOS mode.
t\Ho|r{
t/@t3,1Q
t+wqd5+
txtParentDate
`U1quC
ublic mpilui
UMkP]ij 
|`Up|wk
user32.dll
UserControl
UserControl1
UvD"WIB
uWiPU'n
Value :
ValUserControl1
VBA6.DLL
__vbaExceptHandler
"VWTCH"
w@Eh)8
WrapCellPointer
WriteProcessMemory
,xa1j2'
XJAzTxG
x:LWJR
Ygggv&
Yggvv1)bnje5
Ygt]M,jnnnjI
Y{j2F/*
yyyobbb
}._Z?-
ZC[DpE2
#z{fqzey
\Z"g	:
~~Z,"L
ZZ?E|=