Analysis Date: 2013-12-30 20:59:24
MD5: 40358fe54a9b9a2ab53e692ebbb4fbab
SHA1: 7bc449a429a67a45339c52545a99695d9e7aae9b

Static Details:

PEhash: 323ba71bc6adffd8683dddc499a3efea8cb77651
AV (mcafee): PWS-Zbot.gen.oj
AV (avg): Dropper.Generic9.BGJ
AV (avira): TR/Dropper.Gen
AV (msse): VirTool:Win32/VBInject.gen!LD

Runtime Details:

Process
↳ C:\malware.exe

Creates Process: C:\malware.exe

Process
↳ C:\malware.exe

Network Details:

Strings:
@@,<
040904B0
/())1
1PZ_%
@@"4
5.00.0454
8rar
./%9
*\AD:\ytftfytfytfy\REeB.vbp
asecfrgvtfd
B3y0cF
`<bPt
CompanyName
DELLHhQVfOV
Dino1
Dino1.exe
e651A8940-87C5-11d1-8BE3-0000F8754DA1
FileVersion
FuF0DgvgFR
I6C7mCkkTHh
InternalName
l\Mi
@l\Micr
mpolkiujhy
O0mIpdujV
OriginalFilename
ProductName
ProductVersion
?R-}
]s[[dx
StringFileInfo
Translation
UxQeA
VarFileInfo
VS_VERSION_INFO
wu566H0UfQ7
x7Y0
XNbZpxdldI
xQ8jv1FN
|||____
0F=mCF1
(,1*^in
1n$0y#
2w${',
3:5("	
3<a~:{z_
^3ZMH}
4?R&wT
(5Bv,ol2
&5GS|!
5WNL3R
/~~~/,7
"?<;8"
810-M4
";81q 
8+dW}o
8N:5(	
9SN:5	
'A-C5SH
;aFIe?h]VY->
>%aJB:
AllowAddNew
AllowArrows
AllowDelete
AllowUpdate
&;a^p",
Appearance
astllesbwaybeih
a{UA@6{
"B2%/S
BackColor
B^.c^>
bf3ntW
?b&l|$
BorderStyle
bro48	
#b@y;t
bYWTTPLI<<Ic
c]J	CZy
CloseHandle
cmbField
cmbOperator
ColumnHeaders
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
C:\Program Files (x86)\Microsoft Visual Studio\VB98\vbc22608.oca
`C:\Program Files (x86)\Microsoft Visual Studio\VB98\vbc29208.oca
CreateFileW
CtxtParentDate
`.data
DataFormats
DataGrid
DataGrid1
DataMember
DataSource
'D&BR;bm
DefColWidth
DefWindowProcA
DllFunctionCall
dOO[&E
DTPicker
]@dtS]
DvvlAq
eEG}LI
eJ7vd6z
eKC9B$
e's@JIL3
EVENT_SINK_AddRef
EVENT_SINK_QueryInterface
EVENT_SINK_Release
f{${_A#
F ENR>
Field :
fkj]z#
F^L@To
ForeColor
Frame1
frameDatagrid
FreeLibrary
F'W)kI
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
G%X!o6
Ha,IY{
H&bp'X!"yMu
|||_hhh
]hK,!NNz
@h(R~H1(-{
]ie-Y367
ImOf%6
iu.YD=2
`#i+WW
jnhytgbvf
+#+joK]
_J% _Qt3'i
@jYCDK6T
K<%*9*
kauNnj
kernel32
kernel32.dll
kernel32.DLL
KJr)Is
]]]?KKK?KKK?[qu?v
KYb!G$
Label1
#"lA_F
|]l(Bj
LExM{W
li=t2A
LMXJt;r46
LoadLibraryW
\_*=/m
mpilui
MSCOMCT2.OCX
MSComCtl2
MSComCtl2.DTPicker
MSDataGridLib
MSDataGridLib.DataGrid
MSDATGRD.OCX
MS Sans Serif
MSVBVM60.DLL
m[U]bK,/
NeSatbdWrk
NeSatbdWrktgbyhnujmik936785h6ll9NeSatbdWrk
NrQp	nv
}ocFY2
ojalja
o_NW$h
OpenProcess
oSxwG.-I
ouiouiou
o	X-%c
oYHANw
'pj&+;
P%ny*#
pov}L 
ProcCallEngine
Process32First
Process32Next
PropertyPage
PropertyPage1
pr`UmmXk
PsD`Mwu
>q7aQy
q;8{33
q?x*x9
ReadFile
RightToLeft
R"K'<ful0bK
R\MQn(]J
RtlMoveMemory
:"*|RX	
/|\|+s
*so"!+
	.^S)S
S(/UUi
SystemParametersInfoA
%t1ove
T2J:?M
.T.|a_
TabAcrossSplits
TabAction
tC*Z)0%m
TerminateProcess
!This program cannot be run in DOS mode.
:*..Tk)
tX#oP=
txtParentDate
U[&]02L
-U+`6My
%UpaB[P
|`Up|wk
user32.dll
UserControl
UserControl1
v0TYMr
Value :
VBA6.DLL
__vbaExceptHandler
]Vh_+%
:vS|I1
@)wgg/
wnu0's
wO<Bs.X~RKh
 Wr<<5Jv'
WrapCellPointer
WriteProcessMemory
[|[wVJ
x7sQg8-h
]x9jH{
"XRXc&x
,xUA-9
x)vLku
Y0Jy.=
Y7s"xK
Y\aBIY|
Ygggv&
Yggvv1)bnje5
;Y'g(n0=	
Ygt]M,jnnnjI
!y(hNd
YybuUY8>
yyyobbb
?@Z/!,^
ZhotBET
zV>R%?n
z}X|q<a