Analysis Date: 2015-05-08 15:29:09
MD5: 0a6262d00a15c50d67042133f1c6e370
SHA1: efb93de7d0d37ee43e5e0b0b9c4056897b0049c3

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: 093d0932e605af4d858c69bfa5c8f754 sha1: 722c78f5a2a9cd98d907c5828375406a2f6f06df size: 28672
Section .data: md5: 620f0b67a91f7f74151bc5be745b7110 sha1: 1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d size: 4096
Section .rsrc: md5: fe4ea7e1edb258d36e3a3e9ef9e32cc8 sha1: a120b49f81fa5a73b3fc8cc84d61074aca2b3ea4 size: 4096
Timestamp: 2015-03-19 14:27:58
Version info:
LegalCopyright: qnwvgrd
InternalName: ydapxgq
FileVersion: 1.00
CompanyName: jvdzrikuik
LegalTrademarks: rwhohaozz
Comments: axsimm
ProductName: logdhwcckmn
ProductVersion: 1.00
FileDescription: ndmfhuh
OriginalFilename: vtzaist.tmp
Packer: Microsoft Visual Basic v5.0
PEhash: 79b4c6094ef6672d28308628b881207b7f876fc8
IMPhash: 0b6d91c873e08ef9fce5461a1de44f0f
AV Ad-Aware: Gen:Variant.Kazy.400953
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Arcabit (arcavir): Gen:Variant.Kazy.400953
AV Authentium: W32/S-38f1c7b7!Eldorado
AV Avira (antivir): TR/Dropper.VB.Gen7
AV BitDefender: Gen:Variant.Kazy.400953
AV BullGuard: Gen:Variant.Kazy.400953
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): no_virus
AV ClamAV: no_virus
AV Dr. Web: Trojan.KillFiles.26082
AV Emsisoft: Gen:Variant.Kazy.400953
AV Eset (nod32): Win32/TrojanClicker.VB.OFQ
AV Fortinet: W32/VB.OFQY!tr
AV Frisk (f-prot): no_virus
AV F-Secure: Gen:Variant.Kazy.400953
AV Grisoft (avg): Clicker.BJKQ
AV Ikarus: Trojan.Win32.TrojanClicker
AV K7: Trojan ( 0040fa561 )
AV Kaspersky: Trojan-Clicker.Win32.VB.irz
AV MalwareBytes: Trojan.InfoStealer.RND
AV Mcafee: RDN/Generic.dx!dql
AV Microsoft Security Essentials: TrojanClicker:Win32/Wimg.A
AV MicroWorld (escan): Gen:Variant.Kazy.400953
AV Padvish: no_virus
AV Rising: no_virus
AV Sophos: no_virus
AV Symantec: no_virus
AV Trend Micro: no_virus
AV Twister: TrojanClik.VB.OFQ.ibhw
AV VirusBlokAda (vba32): TrojanClicker.VB

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\~DFB974.tmp
Creates File: PIPE\lsarpc
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: WininetConnectionMutex
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Creates Mutex: fchi

Network Details:

Strings:

080404B0
1.00
1&'5
{1$$|||%n3b
1.vbp
@*\AD:\UserFile\
<a href='/wzs/
axsimm
\bd\TempBD\
~bl~jel$z~ojd
body
border
cde%nsnwlynneiyd|xny%nsnwhcydfn%nsnw8=;xn%nsnwxdld~ns{gdyny%nsnwijbo~iyd|xny%nsnw
CheckBox
Click
cn|dygo%nsnwzziyd|xny%nsnwfjs
ComboBox
CommandButton
Comments
CompanyName
documentelement
document.oncontextmenu=new Function("event.returnValue=false;");document.onselectstart=new Function("event.returnValue=false;");document.onmousewheel=new Function("event.returnValue=false;");
Enabled
execScript
fchi
FileDescription
FileExists
FileVersion
Frame
Frame1
FrameFile
Height
hidden
.html
.html' target='_self'><div id='ggg'></div></a> 
innerhtml
InstancesOf
InternalName
javascript
jvdzrikuik
Left
LegalCopyright
LegalTrademarks
ListView
logdhwcckmn
Move
MSHFlexGrid
Name
ndmfhuh
none
%nsn
OriginalFilename
outerhtml
overflow
parentWindow
PictureBox
pos.baidu.com
procmgrex.exe
proctree.exe
ProductName
ProductVersion
properties
qnwvgrd
rwhohaozz
Scripting.FileSystemObject
StringFileInfo
sTyle
TabStrip
taskmgr.exe
TextBox
*.tmp
Translation
VarFileInfo
VS_VERSION_INFO
vtzaist.tmp
wbns{gdyn%nsnw
Width
Win32_Process
WinMgmts:
|xhyb{
ydapxgq
yj}ngny%nsnwcjd:98a~qb%nsnw
?7DAB:
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_allmul
_CIatan
_CIcos
_CIexp
_CIlog
_CIsin
_CIsqrt
_CItan
CloseHandle
comabs
C:\Program Files\Microsoft Visual Studio\VB98\VB6.OLB
CreateMutexA
C:\WINDOWS\system32\ieframe.oca
`.data
dIsDRFsk
DllFunctionCall
EnumProcessModules
EsbrIs
EsetGs
Esj|Gs
Es`vIs$FGsx
EVENT_SINK_AddRef
EVENT_SINK_QueryInterface
EVENT_SINK_Release
FindClose
FindFirstFileA
Fs0jGsmLGs
FsEjGs
Fs(&Fs
Fsl`Is
FstLGs"
GetClassNameA
GetForegroundWindow
GetModuleFileNameExA
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
gGsfLGs
GIF89a2
ILCreateFromPathA
ILFree
IssnGs*aHs?|Gs
]IstjGs
}#j|hH1@
jhhH1@
} jXh(+@
jXh(+@
kernel32
kernel32.dll
kIspuIs
ModEditFile
ModFrmObject
ModOpenAndSetFocus
ModShowProperties
msvbvm60.dll
MSVBVM60.DLL
OpenProcess
Picture1
psapi.dll
Q G=8R
ReadyState
rIs1hIsf
RtlMoveMemory
SetWindowPos
SHDocVwCtl
SHDocVwCtl.WebBrowser
shdocvw.dll
Shell32
shell32.dll
ShellExecuteA
ShellExecuteEx
SHFileOperationA
SHOpenFolderAndSelectItems
ShowForm
TerminateProcess
!This program cannot be run in DOS mode.
Timer1
user32
VarPtr
vb6chs.dll
VBA6.DLL
__vbaAryConstruct2
__vbaAryDestruct
__vbaAryUnlock
__vbaBoolVar
__vbaBoolVarNull
__vbaCastObj
__vbaChkstk
__vbaEnd
__vbaErase
__vbaErrorOverflow
__vbaExceptHandler
__vbaExitEachVar
__vbaExitProc
__vbaForEachCollObj
__vbaForEachVar
__vbaFPException
__vbaFpI4
__vbaFPInt
__vbaFreeObj
__vbaFreeObjList
__vbaFreeStr
__vbaFreeStrList
__vbaFreeVar
__vbaFreeVarList
__vbaGenerateBoundsError
__vbaHresultCheckObj
__vbaI2Var
__vbaI4ErrVar
__vbaI4Var
__vbaInStr
__vbaInStrVar
__vbaLateIdCall
__vbaLateIdCallLd
__vbaLateIdSt
__vbaLateMemCall
__vbaLateMemCallLd
__vbaLateMemSt
__vbaLenBstr
__vbaLenVar
__vbaNew2
__vbaNextEachCollObj
__vbaNextEachVar
__vbaObjSet
__vbaObjSetAddref
__vbaObjVar
__vbaOnError
__vbaR4Var
__vbaR8IntI2
__vbaR8Var
__vbaRecAnsiToUni
__vbaRecDestruct
__vbaRecDestructAnsi
__vbaRecUniToAnsi
__vbaRefVarAry
__vbaSetSystemError
__vbaStrCat
__vbaStrCmp
__vbaStrCopy
__vbaStrMove
__vbaStrToAnsi
__vbaStrToUnicode
__vbaStrVarMove
__vbaStrVarVal
__vbaUbound
__vbaVarAdd
__vbaVarAnd
__vbaVarCat
__vbaVarCmpEq
__vbaVarCmpGt
__vbaVarCopy
__vbaVarDup
__vbaVarForInit
__vbaVarForNext
__vbaVarLateMemCallLd
__vbaVarLateMemCallLdRf
__vbaVarLateMemSt
__vbaVarMove
__vbaVarMul
__vbaVarOr
__vbaVarSetVar
__vbaVarSub
__vbaVarTstEq
__vbaVarTstGt
__vbaVarTstLt
__vbaVarVargNofree
__vbaVarZero
WebBrowser
WebBrowser1
 WebBrowser1
zxdmtey