Analysis Date: 2014-01-17 11:40:30
MD5: 230e500ef53c42593941fc3db2498f42
SHA1: edfded0e245bec00d22d9a78499f9b78d8081ad0

Static Details:

PEhash: 323ba71bc6adffd8683dddc499a3efea8cb77651
AV (avg): PSW.Generic12.QUS
AV (avira): TR/Spy.ZBot.qvztiua
AV (msse): VirTool:Win32/VBInject.gen!LL

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Network Details:


Raw Pcap

Strings
040904B0
@@"4
5.00.0454
6pbPD
*\AD:\fzfzefzef894984\REeB.vbp
@ata\Loca
CompanyName
dd/MM/yyyy
dGuUQs
Dino1
Dino1.exe
e651A8940-87C5-11d1-8BE3-0000F8754DA1
FileVersion
frdehtjykuh
gtfrdeszde
hvHU
InternalName
&J;[
@l\Micr
oEJQ4
ojjaal
OriginalFilename
ProductName
ProductVersion
rA133F000-CCB0-11d0-A316-00AA00688B10
sSozlM7mcG
StringFileInfo
T8o+
Te50cvR5Zf
Translation
tv8T8BzJt
VarFileInfo
VS_VERSION_INFO
_(w3
WJ\}
yaeswheitlbsbl
ZtbkZRc3M1
ztw6
|||____
28S8Q|
/2i<e5
2k0I`s
3:5("	
3{i~}J
3tyZK`
?3`uo.
4QAY|)
5WNL3R
5(XJ^XCG
`6KtERz
6(p`r\
"?<;8"
";81q 
8b/i[W
8N:5(	
8*O$@%
90_gv~
^,'9+N
9SN:5	
*	"\9UG
9VPTXG_
A#dQ&T&K
?\?AJv
a`V|xmH^
+B/'5\
|b/a8E?
bC<w4E
b+jadidjemanchbahi
BoundText
 |bToY
bYWTTPLI<<Ic
>`@=/c
CloseHandle
cmN7l.d":
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
C:\Program Files (x86)\Microsoft Visual Studio\VB98\vbc22608.oca
CreateFileW
CtxtParentDate
`.data
DataCombo
DataCombo1
~DataCombo1
DataList
DataList1
D:dF:8
defrgthyf
DefWindowProcA
D!j%QQ
DllFunctionCall
D_n'<P
(+dS*YU@
DTPicker
DvvlAq
_dwvs_A
#E(~5T9a
[E>alX
ei\W</a
./e*re
EVENT_SINK_AddRef
EVENT_SINK_QueryInterface
EVENT_SINK_Release
\f8@vfy
FG-1Um^y
fOq=p!
Frame1
FreeLibrary
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
G&	N}bx
|||_hhh
h&~HY)
]){hK}
\h;o`?
hV]-> i
hygtfr
>iJa@D
\?Ik\v
Im|t'{
^In*#V
I)UgL@#
jadidjemanchbahi
jadidjemanchbahi5879449848948984lljadidjemanchbahi
)jZF6A
K0/^Z0
kernel32
kernEl32
kernel32.dll
kernEl32.DLL
-K'F(p
k^k<iJ(
]]]?KKK?KKK?[qu?v
KR P =
KX/Y$\
L?F4,#
LoadLibraryW
lolololp
m4,q1-?*hJ
MexNk&
&mG{nD5_0
mM$5a%^
MSCOMCT2.OCX
MSComCtl2
MSComCtl2.DTPicker
MSDataListLib
MSDataListLib.DataCombo
MSDataListLib.DataList
MSDATLST.OCX
MSVBVM60.DLL
NAFu":g
$^n`Av
"Nl#Ag
nQq?9WL
nUbtJ2<
&N$V-E
NviJ{rq
'OE KN\Y
ojjaal
OpenProcess
+$pBFF
!`.PGrc
piP2 f
%pk'N~
ProcCallEngine
Process32First
Process32Next
PropertyPage
PropertyPage1
pr`UmmXk
pvYD4O
Q20x^n
;|q5 g
qC:\Program Files (x86)\Microsoft Visual Studio\VB98\vbc30554.oca
ReadFile
R~=j#9
rkOK!KSL
R=,Nh_k
RowMember
RowSource
:^[r@Sy
RtlMoveMemory
R(zZ7)
)S,/b?
S@G;7n
SystemParametersInfoA
t4(VZF
TerminateProcess
!This program cannot be run in DOS mode.
"TP(#+J
txtParentDate
|`Up|wk
user32.dll
&UY9{X
VBA6.DLL
__vbaExceptHandler
|$v|%d9
W`6<3MFK,(
W_9oMdD
WaEYV,
#we&;`
:wk3{.i
 w+>L{
w(M{U^
;-\Wn\5
WriteProcessMemory
xuqbDb
yaeswheitlbsbl
Ya"iq'
Y?BO#2
yd]hF;"
Ygggv&
Yggvv1)bnje5
Ygt]M,jnnnjI
yUC	<"&q(
yyyobbb
[[=zbd
[Zo5^v