Analysis Date: 2013-12-25 14:49:45
MD5: 569e64cce4c89a12017fc9ead1e90a8b
SHA1: 90ea82632085c10b9b1b2f2d07745b5d359f8972

Static Details:

PEhash: 323ba71bc6adffd8683dddc499a3efea8cb77651
AV (mcafee): PWS-Zbot.gen.oj
AV (avg): PSW.Generic12.PLB
AV (avira): TR/Dropper.Gen

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Network Details:


Raw Pcap

Strings
@@,<
040904B0
,1qjk}
@@"4
5.00.0454
*\AD:\ytftfytfytfy\REeB.vbp
asecfrgvtfd
B4GFDB
CompanyName
Dino1
Dino1.exe
DsHc8nePM7f
DUzUyA
e651A8940-87C5-11d1-8BE3-0000F8754DA1
eIpyrZ2vhEP
FileVersion
+<G:
HIBj
InternalName
mpolkiujhy
Ok5QWa
 or da
OriginalFilename
pNjj3fn5
ProductName
ProductVersion
PZsJ1jHHn
StringFileInfo
,T.&^>
Translation
VarFileInfo
VS_VERSION_INFO
]?-X6
yb48XO
ysz3B
YtqYQyF4k1H
|||____
$;=0[C
1 Mskr
1vOhtI
2:K]h60 t
2s3i)+
3:5("	
5h`hFyc`
]5,{(n
5WNL3R
{66igJ[
6+X~e[
6.#x|VV
73$`yo
74t,^^9
"?<;8"
";81q 
8N:5(	
9SN:5	
:{9 zT
a0+}9ap
`a6pbE
AfF^T\
)AG4i_^
a_lLE?
AllowAddNew
AllowArrows
AllowDelete
AllowUpdate
Appearance
|a}Q.7
)}ARJ`
astllesbwaybeih
		Au]}E
BackColor
BorderStyle
	bQduD
]bS'G?
bYWTTPLI<<Ic
CLh]@h
CloseHandle
cmbField
cmbOperator
ColumnHeaders
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
C:\Program Files (x86)\Microsoft Visual Studio\VB98\vbc22608.oca
`C:\Program Files (x86)\Microsoft Visual Studio\VB98\vbc29208.oca
CqLnJ&
CreateFileW
CtxtParentDate
CvIY3k
]<CX=w
`.data
DataFormats
DataGrid
DataGrid1
DataMember
DataSource
DefColWidth
DefWindowProcA
DllFunctionCall
DTPicker
DvvlAq
#.E5Xi#
=<[E99
e:$?cI
e\u9b`9
EVENT_SINK_AddRef
EVENT_SINK_QueryInterface
EVENT_SINK_Release
f>7Vtp>
Field :
ForeColor
Frame1
frameDatagrid
FreeLibrary
):fw[^"
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
|||_hhh
[*.H_qL
Ij}k$m0
ITc\Q&Z
jnhytgbvf
kdk]Av
kernel32
kernel32.dll
kernel32.DLL
]]]?KKK?KKK?[qu?v
L3osvI}?
Label1
Ld`H>@
lNeSatbdWrk
LoadLibraryW
lP7RZ%
mAXWxB
MBg)n(
mbR@Xj
mE^>!I
m=?eia{e
m_^Lv7
mpilui
MSCOMCT2.OCX
MSComCtl2
MSComCtl2.DTPicker
MSDataGridLib
MSDataGridLib.DataGrid
MSDATGRD.OCX
MS Sans Serif
MSVBVM60.DLL
NeSatbdWrk
NeSatbdWrkftukdfg56789dfghjk78NeSatbdWrklo)
NK4gFP
oB4]G{}J
ojalja
OpenProcess
ouiouiou
!]o{ws
P~a=<+
`;PiiI
.,pp;Y
ProcCallEngine
Process32First
Process32Next
PropertyPage
PropertyPage1
pr`UmmXk
{/Put=
Q(QR(g
ReadFile
ReunX\
RightToLeft
Rony$<m
R	pl3%
RtlMoveMemory
s 	8jX
Sdcez`
s(k[%y)-
sKZr/'9
SystemParametersInfoA
t8-x2G
TabAcrossSplits
TabAction
TerminateProcess
;Tg%Gp
!This program cannot be run in DOS mode.
T:_M'9
{tR!pU
txtParentDate
u6!]YG
\}Ub4\P
ublic mpilui
uNk\.0
|`Up|wk
U	S0T!*
user32.dll
UserControl
UserControl1
+[V0(49 fc
Value :
ValUserControl1
VBA6.DLL
__vbaExceptHandler
-v(Q~)
VU@@	\
V|Z[E.N
@wq]{V&
WrapCellPointer
WriteProcessMemory
wTt'(?
X1!VNQ
?X2,d8
*?X-G8
xI*$0"G
"x"PME
x'%{sL
+>'`-y
	y[D1\
Ygggv&
Yggvv1)bnje5
Ygt]M,jnnnjI
\Ymqio
yyyobbb
&**zIU2
{^z)`j
z*=lrb
 z]w@^j'