Analysis Date: 2013-12-16 22:59:41
MD5: 7dd710310806699c516eb683d7509154
SHA1: 5d2b9de219c4a283ca4daecdf4c3776b648dcdc2

Static Details:

PEhash: 323ba71bc6adffd8683dddc499a3efea8cb77651
AV (avg): PSW.Generic12.QNC
AV (avira): TR/Dropper.Gen
AV (mcafee): PWS-Zbot.gen.oj

Runtime Details:


Process
↳ C:\malware.exe

Creates Process: C:\malware.exe

Process
↳ C:\malware.exe

Creates Process: C:\WINDOWS\system32\drwtsn32 -p 1084 -e 104 -g (drwtsn32 is the Windows Dr. Watson post-mortem debugger; being launched with a -p process id suggests the sample crashed in the sandbox rather than spawned a second payload — confirm against the run log before treating this as dropper behaviour)

Process
↳ C:\WINDOWS\system32\drwtsn32 -p 1084 -e 104 -g

Network Details:



Strings
@@,<
040904B0
2.y&3/X,
@@"4
5.00.0454
5P(<
6F58
*\AD:\ffzefz4e89fefzefzef\REeB.vbp
asecfrgvtfd
BA8CKGmD
CompanyName
dd/MM/yyyy
dfgy36h46r5
Dino1
Dino1.exe
e651A8940-87C5-11d1-8BE3-0000F8754DA1
FileVersion
g*v$iz
InternalName
IWZ4
IYkiXb3iOo
jpbbqo2pyND
lmopkiljuhnbh
@Local\
mpolkiujhy
MU5d3hZHd9E
OriginalFilename
ProductName
ProductVersion
rA133F000-CCB0-11d0-A316-00AA00688B10
StringFileInfo
T2eD6wZQf9d
t~]gG
Translation
VarFileInfo
VS_VERSION_INFO
W5ATswr36th
wNku7DNmW
xKdA
= .$"	
|||____
0"^9>+
0FSPt3
]0g}V{
0[=xS#9
1Izo84
>1t-pW
;2-",Fn|
3:5("	
3Y>h|5
"4QG VA
4v>.F2V-
5'hY.+R6
5	saS:
5WNL3R
6#<t}/
7N~`{ZL
"?<;8"
";81q 
8N:5(	
9SN:5	
AERiI Z
a?"gHF
A#Mpy@
astllesbwaybeih
b?3hn6
>:<BD_[
BoundText
btj&kIk
&*%b u
<bU6_;
]b#W4Z
bYWTTPLI<<Ic
CKk!J_
CloseHandle
CM0]Uj
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
C:\Program Files (x86)\Microsoft Visual Studio\VB98\vbc22608.oca
CreateFileW
CtxtParentDate
CZ% QLhb
`.data
DataCombo
DataCombo1
~DataCombo1
DataList
DataList1
DefWindowProcA
DllFunctionCall
dmC6Bp9
,d+,N[]
Dr6`*t
DtF1x#
DTPicker
DvvlAq
dY+Q	kCU
`>E50s
	;)e8)
EVENT_SINK_AddRef
EVENT_SINK_QueryInterface
EVENT_SINK_Release
f'D%/qgMB
F]<DvH
fE}5{p
fH5pW@m
Frame1
FreeLibrary
"@fUG3
futrg&
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
g[!J[N
G(Q$$d
|||_hhh
hMiqev&v
|HZ/]P
iQs<lB]
i,sXAX?
jnhytgbvf
kernel32
kernEl32
kernel32.dll
kernEl32.DLL
]]]?KKK?KKK?[qu?v
#L1ax7P
lmopkiljuhnbh
"lmopkiljuhnbh
lmopkiljuhnbhensbtd8765lmopkiljuhnbh)
LoadLibraryW
l`s;?WW
Lw}/3+!(
/[/mA>
 m#kC^
mpilui
MSCOMCT2.OCX
MSComCtl2
MSComCtl2.DTPicker
MSDataListLib
MSDataListLib.DataCombo
MSDataListLib.DataList
MSDATLST.OCX
MSVBVM60.DLL
+]-N^~
N_F6mV
NIYubS
nx]\5~bj)
ofxyOxy
>oHO#_
ojalja
OpenProcess
ouiouiou
pD)`Ei
PGI+sBp
ProcCallEngine
Process32First
Process32Next
PropertyPage
PropertyPage1
pr`UmmXk
_q,5M@
qC:\Program Files (x86)\Microsoft Visual Studio\VB98\vbc30554.oca
q~NZ?6
R7%mpTc(
ReadFile
"R/H/Su)
Rlo]_^dU
rO72NT
RowMember
RowSource
`(Rq@4
)rQlXn
R/Qt`~
RtlMoveMemory
s,aw)"o
~SJz9t7ai
%sl3H("
S>x`Fa
SystemParametersInfoA
-t6?#@`
Td,m8P
TerminateProcess
$tg(Sg
!This program cannot be run in DOS mode.
TlmopkiljuhnbhR
TOrGU/
txtParentDate
u`DTKH
|`Up|wk
u-rVgP
user32.dll
UserControl
UserControl1
VBA6.DLL
__vbaExceptHandler
w.8m[}
WriteProcessMemory
Wu-+d?
w=Y1ZT
xuK/O3pb4
:y5*@	c
#'+YFs
Ygggv&
Yggvv1)bnje5
Ygt]M,jnnnjI
yt&ARTu
yv6<`DUS
yyyobbb
ZC/OL{F