Analysis Date: 2013-12-27 15:12:50
MD5: c721c35a4bb6723da9d6ec52fdd73f51
SHA1: d63a091cb811600e73e26016b2bbf29c9b6dcf79

Static Details:

PEhash: 1f17a7eea2aadd978b98d41fde44175fceb3682d
AV (avg): Generic35.AMSE
AV (mcafee): PWS-Zbot.gen.oj
AV (avira): TR/Dropper.VB.2050

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Network Details:


Raw Pcap

Strings
_]<\\
@@,<
040904B0
-=09
/-,2
@@"4
5.00.0454
*\AD:\ytftfytfytfy\REeB.vbp
asecfrgvtfd
B.hHyRTV`H
#C6\.U1R5Q;R'Y*
c8wt
@cal\Mi
CompanyName
dfPxIb
Dino1
Dino1.exe
e651A8940-87C5-11d1-8BE3-0000F8754DA1
FileVersion
InternalName
@l\Micr
mpolkiujhy
 or da
OriginalFilename
ProductName
ProductVersion
StringFileInfo
(}%:&tDF
Translation
VarFileInfo
'V+D(
VS_VERSION_INFO
WUBHxFyvs5
xfqwXtI2D3
YU,~X$Ux
|||____
)1:8E8+
3:5("	
 4esFi16
5WNL3R
"?<;8"
";81q 
8N:5(	
9SN:5	
AllowAddNew
AllowArrows
AllowDelete
AllowUpdate
Appearance
astllesbwaybeih
b2%7|K
BackColor
bbd]Km
BorderStyle
bYWTTPLI<<Ic
CloseHandle
cmbField
cmbOperator
cO	kD>f
ColumnHeaders
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
C:\Program Files (x86)\Microsoft Visual Studio\VB98\vbc22608.oca
`C:\Program Files (x86)\Microsoft Visual Studio\VB98\vbc29208.oca
CreateFileW
CsMQ$t.e
CtxtParentDate
#<d^\ 
`.data
DataFormats
DataGrid
DataGrid1
DataMember
DataSource
DefColWidth
DefWindowProcA
DllFunctionCall
DTPicker
DvvlAq
DXwOBZ
{{ES{_
EVENT_SINK_AddRef
EVENT_SINK_QueryInterface
EVENT_SINK_Release
Field :
ForeColor
Frame1
frameDatagrid
FreeLibrary
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
g^n6g5
|||_hhh
i3<X( 
I|&<e7
I<L\J:
jnhytgbvf
kernel32
kernel32.dll
kernel32.DLL
]]]?KKK?KKK?[qu?v
Label1
L,Fio(
lj,\)oE
LoadLibraryW
-[`MaG
MD+<})
Melwpcq
mpilui
MSCOMCT2.OCX
MSComCtl2
MSComCtl2.DTPicker
MSDataGridLib
MSDataGridLib.DataGrid
MSDATGRD.OCX
MS Sans Serif
MSVBVM60.DLL
NeSatbdWrk
NeSatbdWrk*5
NeSatbdWrkftukdfg56789NeSatbdWrkQ_f
=Of|YA
ojalja
OpenProcess
ouiouiou
&=pn(l9
P[N*MJ
ProcCallEngine
Process32First
Process32Next
PropertyPage
PropertyPage1
pr`UmmXk
q@Dw2#
:qI<c^!
'R1d}'`[
R2w7z6
ReadFile
RightToLeft
>rKkgX
,rnodG3
RQSl{+
RtlMoveMemory
rZSU8x
SystemParametersInfoA
TabAcrossSplits
TabAction
TerminateProcess
!This program cannot be run in DOS mode.
txtParentDate
ublic mpilui
U>cs>[
UpMpl^2d.
|`Up|wk
uqE^fb
user32.dll
UserControl
UserControl1
Value :
ValUserControl1
VBA6.DLL
__vbaExceptHandler
WrapCellPointer
WriteProcessMemory
XJAzTxG
Ygggv&
Yggvv1)bnje5
Ygt]M,jnnnjI
yhIIP/
yyyobbb
ZC[DpE2
-zf	e{
Z'tf'9