Analysis Date: 2014-02-25 02:06:24
MD5: af98cd677236afe79fa7bd3dddfc1e51
SHA1: b60b6261a9c6036a8542d96108acb897d41248be

Static Details:

AV (AVG): Generic35.AMSE
AV (McAfee): PWS-Zbot.gen.oj
AV (Avira): TR/VB.Inject.kqrwa

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates Process: C:\malware.exe

Process
↳ C:\malware.exe

Network Details:


Raw Pcap

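Strings (unfiltered extraction from the sample; most entries are noise, but the Visual Basic 6 runtime references and the process-access API names such as OpenProcess, WriteProcessMemory and Process32First/Process32Next are consistent with the Avira label TR/VB.Inject.kqrwa and with the sample spawning a second copy of itself):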
_]<\\
@@,<
040904B0
-=09
/-,2
@@"4
5.00.0454
*\AD:\ytftfytfytfy\REeB.vbp
asecfrgvtfd
B.hHyRTV`H
#C6\.U1R5Q;R'Y*
c8wt
@cal\Mi
CompanyName
dfPxIb
Dino1
Dino1.exe
e651A8940-87C5-11d1-8BE3-0000F8754DA1
FileVersion
InternalName
@l\Micr
mpolkiujhy
 or da
OriginalFilename
ProductName
ProductVersion
StringFileInfo
(}%:&tDF
Translation
VarFileInfo
'V+D(
VS_VERSION_INFO
WUBHxFyvs5
xfqwXtI2D3
YU,~X$Ux
|||____
03gHl!
0.<DTGX
}0&^_f
0ja(z \
0$XsD5$]
0([Zs:
1gTwN!#
1p/G&1
1rf>s4
1_{r;H^
!20)[1
27e3j}
2`7gC4A
2-8j_wP4
2a$-"6*'
'2}nV;p
2#Q+b<
2SmC0f
2yI#bY
"328C=
33Qq#F
3:5("	
3BfE|m
-3-%g*c#
3GS%Jl
(}"3GVb
:3i_R`
3r=Rp,"
4CP'a]
4	hn#U
/4hui8
+'-4ka
'/4NK3
4'sgxl
4~'sp#WE
4\S\tZ
4t@?rHl
516%) 
/54;V%
[!5!eG
5$h]RB
]5I4Z=
5WNL3R
;\66UY
69=7MmE
@6|b;ma
)6.dm(
6f6;01
6FX:H?
6*|M2z
6NWYx1)
=$	|6w
6WX!3&
&6Xo.h
6Zf{TSb
777/=>
7p$_5M
[}#7Ta_
7	ZK4K
7^zqY;
"?<;8"
";81q 
88G#c8
_!8" bc
.8bLC$
:!8]Fm
8je5r,
8\@KP6(
8lRwSk}l
8N:5(	
8VF;]]JF
8W@mRx$
8y(mb=
@9cwmh
_9!J:	N
#9NX*B
9SN:5	
-9w":`
9We\7R
9Z-HLW
`9zz(B,w
=a;>})
a	4@ 9
	a9;,R?To
'/aD@U
+<[Afav
Aj98oq
AllowAddNew
AllowArrows
AllowDelete
AllowUpdate
Am-0ip~
Appearance
)Ar$Q/n
astllesbwaybeih
/At- #
ATXxi2
a=*uW6
AZ@J\`+
AZ_Usd`/
=>/	B 
=B4Q-,
;[{ba)
b ~{a7
BackColor
,b{AErKsx
%:bA*x|
bbd]Km
bd W>bXbJ
BgMW	_
BorderStyle
>,B]R6
b<@RO]
	Buz@!|
bUz@#1
bYWTTPLI<<Ic
c9xiN5
cFR{/s@
ch,	DcS
CIoR@}G
cLj.VUbR
CloseHandle
cmbField
cmbOperator
ColumnHeaders
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
C:\Program Files (x86)\Microsoft Visual Studio\VB98\vbc22608.oca
`C:\Program Files (x86)\Microsoft Visual Studio\VB98\vbc29208.oca
[cQar6
>c\`RcD
CreateFileW
CtxtParentDate
}`C-_W
C%x|	X]
`C*	 zG|I
>+D0`m(
D1rkcT
d3H/bp
d9lhHBH
[&D[AS}G+
`.data
DataFormats
DataGrid
DataGrid1
DataMember
DataSource
=dB=I<W2N
DefColWidth
DefWindowProcA
d jn:PD
DllFunctionCall
?dL(X.
d+mY>.
dnOYev ]K
dSJvYi
DTPicker
du4:fc
DvvlAq
E^0MXaa
e4>4#Z
e|5Ar0"
	eflYt~
`egx*G
}Eg^y"
.;EHc)
eKxjYJ5
eq:j g6
E-?u}]
EVENT_SINK_AddRef
EVENT_SINK_QueryInterface
EVENT_SINK_Release
e}VmfK
e	+yHU=A
F8lfg<
F"A (8
FeC=hC
|#FGXF
f(	gz{
FIcUsh#
Field :
~|fiIV&
fj\>SV
FMT<jz
ForeColor
F&quF-
Frame1
frameDatagrid
FreeLibrary
fsvKcw
FS%X4li
fUYpcd
f/W-C#
G2Um	s
'?g`(4vv
[G8rc1s
&G9)08
G`bXei
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
}&G$:@HD
<gHH+813
gK,Hm]g
>GLS\#
)Gp=K<,}
:gQ4m6
>G^S~7w
G%TXxG
)gv?$D	WW
]GZJ)u89
h1(NTN
H5bL2a
h|5&~m
H_/\%6
h75!#:
Hb06:t
.hcTue(
h;dFa 
hG(Ep1
|||_hhh
HIovN2Io
HJS4.	XE
&HMi	8f$
Ho<3c8
hOAx_oy}
_)=HOz
h.&WL|
h?*x\`
)[I+20>
i7 Oz5
@IaH@@
i| /ed
I;*f(eX`k
|iflM&
IjogIt+
%IjW~y
+ ILm,X^
I"oi/Nr|
ioJC&%
ipjv:s
iP.LY|
+iQeil
*iR$iv
")	i{S
;iT/Bp
itwf;h
IWfp|t
i,-xBnC
iyiw4q
IZNWlq@
;&|j5H
$J;cdv
JE=\.IH
j%Ep`Cl
JFOZ%#
j_-jym
$JLP^y5
@J $m8
jnhytgbvf
_J[o>2
-j:Pk/
jq(cO{
j)Sc,G
jufv:NyO
J	v%D1
K,'1i@$?/
(K9fXRu
KA;g])F
K)CM)U
keMwD*
kernel32
kernel32.dll
kernel32.DLL
kfQg/%k
,_KJ,dR
]]]?KKK?KKK?[qu?v
!KM[Wi
"KpAkW
.KPM,+
.K%RX{
kt-UL.'{
kU,':FL
#"~KYI
K~z?}4
&L(2yV
L7& )z=
L9uW\%
Label1
l^^>Ch#
=lMesru
LoadLibraryW
Ls,c{s
/lTxh$
L?u[`I_
;lVNVz>
lY6<+h
M9eWuQ
-[`MaG
?&MBhE
ME4n~Dw
M?n?6#
m?otZw
mpilui
MSCOMCT2.OCX
MSComCtl2
MSComCtl2.DTPicker
MSDataGridLib
MSDataGridLib.DataGrid
MSDATGRD.OCX
MS Sans Serif
MSVBVM60.DLL
mvDME;
MxWcqI
M@yV%I
NafHz]|
n\aG%&
#|nam{
?ne]6w
NeSatbdWrk
	NeSatbdWrk
NeSatbdWrk*5#
NeSatbdWrkftukdfg56789NeSatbdWrkQ_f
nGoUpS
ni8CTD
Nn.*|x{
>npQ	{.S
nTe*jdP
>.n<UFd
 %\nu.!L}
N#wY%:ykm
N*X;$J
,NZdMT
nzP[&P
.O1Y&?
O4=6-y
o"8D#n
oa!9cY
\O#cR-
oECaddn y0vx
=Of|YA
oGUP^&
ojalja
OpenProcess
op"zaZ
ouiouiou
p2qKwT
P60D+v	|
P<6m/	iQG
P9dt_g
P^c+K{
p[erW8
p`F-Hb
P[H]MX#
.PIFf/
<plwvO3
pO q+N_
Pr9x":
ProcCallEngine
Process32First
Process32Next
PropertyPage
PropertyPage1
pr`UmmXk
P}TKO%?}
PVZ\IOT
/.]Q:`
<Qaz3a
Q,doZG@u
Qgf/)&O
:qI<c^!
qiOK10N 
q#`"jBq
Q!,O)6
qtLu)2
qUR]}d/
q $-`X
@Qx"}G
q]XNKZSuJ(
qz3{mY
+qzdiNP
\R!*[0
'R1d}'`[
ReadFile
rH{Y&z
RightToLeft
RIZmyL[s
'RJ>Mv
Rkh[Ts
R%kM]i
rOy'`=
RQSl{+
RtlMoveMemory
?RUXg%
'R}(XD]
rXGWXd6
R#=XW2Mi
-,rY!e
s7*S'xH
sAT OVu
{Se)H	
=SeIH\
se$nc0\
Sf.rnz
\shL.tX;
Sk`0Z@Y4
sL,G,31
sP<M<>R
SRH=_KF7l
"S^)s!,
;ssM&fuF
SystemParametersInfoA
s>@z!\us
TabAcrossSplits
TabAction
%TAQ;j
~:Tc:*
<%/T@C
T.;d<Ba
TerminateProcess
!This program cannot be run in DOS mode.
t\Ho|r{
ti&o0F
'tJIl-i
tMmqg9{
trme("
TS)yX+m
t/@t3,1Q
T]TE )
TT{(-%M
(!|tw%
t+wqd5+
tx}PG)D
txtParentDate
,TxW#Trm
.,{T/z
-)TZ=,z
U0e'&o
`U1quC
 uaR}!M
ublic mpilui
uB|:;o
UGhp-<k
 u/hqQ
u&J	MJ&M$
UMkP]ij 
uM(%Ov)
|`Up|wk
|us2Nb
user32.dll
UserControl
UserControl1
u%,sH,
uUXVBB"
UvD"WIB
uWiPU'n
UX5f6i
Value :
ValUserControl1
\>vb`'
VBA6.DLL
__vbaExceptHandler
%v|nK>
Vpy9mw
,vwmM&^
"VWTCH"
v_x	A~
w'7Wu,6
w|)/8F
wB\4(#
w@Eh)8
w?F{& 
wFz%3f
WrapCellPointer
WriteProcessMemory
W&vqzZ
W>(W"y
,xa1j2'
'Xa:<;E
=XCA<P
XJAzTxG
x:LWJR
XnAT*g
xV1(U#
xyc(+~
YA96jx
Ygggv&
Yggvv1)bnje5
Ygt]M,jnnnjI
Y{j2F/*
yyyobbb
}._Z?-
z2@D{h
!z{4^@
Z9>Uayd'
Z$bXNs
ZC[DpE2
#z{fqzey
\Z"g	:
Z' G5JE<A
~~Z,"L
Z_==@U
z<u0x'
?ZxA9/
ZZ?E|=