Analysis Date: 2014-07-30 12:39:02
MD5: 2641ad0c564d33882e2e08365ce0b799
SHA1: 71344c515d5292464ed01a94d6d9389808c34b90

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit

AV vendor: detection
360 Safe: Trojan.Downloader.Zbot.D
Ad-Aware: Trojan.Downloader.Zbot.D
Alwil (avast): Injector-BOL [Trj]
Arcabit (arcavir): no_virus
Authentium: no_virus
Avira (antivir): TR/VB.Inject.kqrwa
CA (E-Trust Ino): Win32/Zbot.HVO
CAT (quickheal): no_virus
ClamAV: no_virus
Dr. Web: Trojan.Packed.25033
Emsisoft: no_virus
Eset (nod32): Win32/Injector.ASKB
Fortinet: W32/Injector.ATCM!tr
Frisk (f-prot): no_virus
F-Secure: Trojan.Downloader.Zbot.D
Grisoft (avg): Generic35.AMSE
Ikarus: Trojan.Win32.Scarsi
K7: Trojan ( 00490e901 )
Kaspersky: Trojan.Win32.Buzus.ofmi
MalwareBytes: Trojan.Crypt.NKN
Mcafee: PWS-Zbot.gen.oj
Microsoft Security Essentials: VirTool:Win32/VBInject.gen!LD
MicroWorld (escan): Trojan.Downloader.Zbot.D
Norman: winpe/Troj_Generic.SBHMC
Rising: no_virus
Sophos: Troj/Agent-AEZP
Symantec: Trojan.Zbot
Trend Micro: no_virus
VirusBlokAda (vba32): Trojan.Buzus

Runtime Details:

Process: C:\malware.exe

Network Details:

Strings