Analysis Date: 2014-11-21 11:08:53
MD5: 76bb53bc55fbe117a781c898c7541ce9
SHA1: f520bfa62932ebc0e134cd703613ee0af2e7606d

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
PEhash: 48cb9dc765416aa5847d71c424bfe5fe5f2bf7c5
IMPhash: 3bcec95699b88faa597cf3e64362f81c

AV results (vendor: detection name; no_virus = not detected):

AV 360 Safe: Trojan.Encpk.Gen.4
AV Ad-Aware: Trojan.Encpk.Gen.4
AV Alwil (avast): VBInject-Q [Trj]
AV Arcabit (arcavir): no_virus
AV Authentium: no_virus
AV Avira (antivir): TR/Inject.295564
AV BullGuard: Trojan.Encpk.Gen.4
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): VirTool.VBInject.AC3
AV ClamAV: no_virus
AV Dr. Web: Trojan.DownLoad3.28650
AV Emsisoft: Trojan.Encpk.Gen.4
AV Eset (nod32): Win32/Injector.APQG
AV Fortinet: W32/Injector.ATCM!tr
AV Frisk (f-prot): no_virus
AV F-Secure: Trojan.Encpk.Gen.4
AV Grisoft (avg): PSW.Generic12.QYO
AV Ikarus: Virus.Win32.VBInject
AV K7: Password-Stealer ( 0040f69f1 )
AV Kaspersky: Trojan-PSW.Win32.Fareit.amdr
AV MalwareBytes: Trojan.VBKrypt
AV Mcafee: GenericR-CJH!76BB53BC55FB
AV Microsoft Security Essentials: VirTool:Win32/VBInject.gen!LD
AV MicroWorld (escan): Trojan.Encpk.Gen.4
AV Rising: no_virus
AV Sophos: Troj/Agent-ADBJ
AV Symantec: no_virus
AV Trend Micro: TSPY_ZBOT.SMUL
AV VirusBlokAda (vba32): TrojanPSW.Fareit

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Network Details:


Raw Pcap

Strings
....
...

 <> ''
.00.0009
0:-4-
040904B0
1.00.0009
@10-C
@1-2210
651A8940-87C5-11d1-8BE3-0000F8754DA1
[<6V4
<'#9
Add New
*\AD:\Duflamongo\23\EPgu.vbp
aySZRly
Close
CommandText
CompanyName
config
Count
e651A8940-87C5-11d1-8BE3-0000F8754DA1
EDIT
Execute
Fields
FileVersion
Filter
FolderExists
G1kjb\IQIc
GetFile
h7J6
InternalName
kpw2a9NX
KWFvWSLNthQ
LIKE
mpolikjutd
mposednhytf
Name
NhZjsop
NMyJSRq9TkE
onfig.exe
OriginalFilename
ProductName
ProductVersion
rA133F000-CCB0-11d0-A316-00AA00688B10
RecordCount
Size
SrmJq
State
StringFileInfo
Translation
tuZ1ZLwuz
VarFileInfo
Visible
VS_VERSION_INFO
WUHb
(X*8
X<Y%
Y0gxGRcr
z0Izv
Z33]?
0%:`a4i3
0,d1g@
0n5)^f/
/~0Pq+
??0_UhfI
17U3.G
1=}8L <
1J-r-l_
1xV-gmo
]2&{ad
2d(Xg5
2)`H]~)$
2#k4!j
2qT *n
2W5Ju8
/2YC'R?Z
2@z:1	
[3!-e4L
3-~jdC5
3?n+WD
3w(YWVZ
4.#2Kq
&4a2#6-
[?4+ec
=4gyD>(q
4]jinbRN
)!4)(OvM
4#_X%K
{57YjxfN	
59ylBQ
5A|7"S_
5cC{Rzp
/5+]DMA
5]?ETm5
5^evXl
5fF]EQ
5i~!Dy
}5i&Pe
5<%`PN
5s8NdO
:`6]- 
6]%(/2
'.6h/.=
6H(6o0
$6LG|yg<;
%6lT:P
6%`n*:!
6r3)}g
(|77%.
7bh'j.
(7FgQP%
.7j{~S]c
7O	8A@
7O	\A@
7O	H?@
7O	P@@
83-u)T
8=8X!R
8An$|l
8BMM&s
8hi	K#
8Kei*8
8O	`?@
8O	$@@
(8O	08@
8O	D8@
8O	h@@
8O	L5@
8O	x>@
8O	x?@
8z3Vcl
^9"98Xm
^99t@,
9Aa vm
9jG_0 '/
@9q(OG2:q^
9{T`2}
_9yN%n
 ~a>/*
]A?1O<o
a7Rmq-
a@9g}r&
],aAfA
}#Aa	z
Ab8e<J
Add New
Add_Record_in_Parent
Ad=Q6/
?a/&kRcc-
!AL51Zb
AllowAddNew
AllowArrows
AllowDelete
AllowUpdate
Amu~U6
ANbpxLdz
Animation
Appearance
A Pr&C
asader
:Atf{+pYt
];&AVeB[~
/.Azjt+
aZX-LxZb
B&73Z@
>B7a^^\SOII
B7FQfP
]>b.99
BackColor
bedSf7
b.G[KU
bGP#]|
bHGzG0
(Bill Rate)
$bj`he
bL:6@8ig
BLQ'>Q
BorderStyle
BoundText
,BSA!^
bs#b@a
bU]S\#
byHX{X
c@6(V!!VVT,
:cAh$C
Category Code :
Category Name :
&C'a(!z
CCO,$O+
c[:GBF
Change_Button_Caption_To_ADD
Change_Button_Caption_To_ADDNEW
Change_Button_Caption_To_EDIT
Check_Form
Check_Numeric
:cI-?'
Clear_Form
CloseHandle
Close_Recordsets
C'Lu vLPG
cmbField
cmbOperator
cmdAddNew
cmdAddNew_Click
cmdExpandRecordset
ColumnHeaders
config
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
C:\Program Files (x86)\Microsoft Visual Studio\VB98\vbc22608.oca
`C:\Program Files (x86)\Microsoft Visual Studio\VB98\vbc29208.oca
C:\Program Files (x86)\Microsoft Visual Studio\VB98\vbc30554.oca
cPZL9C$
CQCF6y
CreateFileW
]c=&$z
c-Z,.V:
C/)Z=Xqb0
D1dDK9
d|[5]wj
d6ofRo
`.data
DataCombo
DataFormats
DataGrid
DataGrid1
DataList
DataMember
DataSource
@dD8\>
DefColWidth
DefWindowProcA
D<H H1
&di9k<
)dI'OF
Disable_Edit_Buttons
Djh'\V
DllFunctionCall
]D~lZc
{%DOeEB
,DP>1Q
+dPT<wO
,`D>QIY
,D:R|%
;D*S`R
DTPicker
`{due5
Du<YY5
!dz#uO
e;1>.00*($$$$
!e1|q(
^~E]8I
Edit_Record_in_Parent
EG$dpz
-egr4'
eH^i&ddN]u
<eIA9w8Rr?
EiK[14E
eIK]KKz:
e.	ld;
El{}*W
Enable_Edit_Buttons
*(E#\S8
ESrkrGs
>EsT ~Oq
EVENT_SINK_AddRef
EVENT_SINK_QueryInterface
EVENT_SINK_Release
ew9vZJ
e<}yAu
f2$~]vU
F3:%4p
FaDe]T
fd_z(M
FEQ`L/'
Fetch_Parent_Fields
f(/"fC
ffFB;N
[f}h<n:
Field :
=FIK6}
Fill_Combos
Fill_Datagrid
Fill_Form
Fill_Labels
Find_Record
FlatScrollBar
Fl_c#]
fLiS[+]Gr
ForeColor
Frame1
frameDatagrid
FreeLibrary
FuckBitDeffende
f+xP+-
G6.TZnW
General Item
'Ges(I
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
GgM#4a
gNDtJV
,g;o5%i
!gOCk_f
Gqap4R9
	G-u<po
:g^ZD\
gZ%Sk?
\-`h^%
[~H07*
H0}x0>
h$. 4#
H8O	D@@
h8O	D4@
#HbBLj
HDrQ1`m
)hDv!.
@HifCm
:<h;-,s
HWB:^	
#Hw.(L
@I-5Xw
`^IAx=
I\A^YI
^I<!/C
'ic7i4M
i[;eE"d
iFdR\b
,)i:,hMy
iiNZXXXXTTTP////T
'ijA.ND
Il2s}=
Initialize_Calendars
I]o3S+
i*<OC{
:iqzmN]^cb
i`ROBfs
I}sI2[7
Issue Rate :
Item Type :
ivhn:]=
iW`M`VWMWZKMKK7G70*0%79<9
i^Z0F{(
J3w75A
!J={Dt
|{>%JG
<JH=>-
&jI-Ik
JKdb{-SJ
jO-2P\le,
JR?A	;fZT
jY~aQ f
K0B"^w
k0eE0n
-@k4;4
&=k6zU
kD"^vx
kernel32
KERNEL32
kernel32.dll
KERNEL32.DLL
KerOcx
KeyAscii
;^kFQa
`>|!kk
KM7vklCq
KM<B61
k*[{Ox
KP`fiam
|KP*J6
	K}/$T
\^kt,x
Label1
Label2
Label3
lblParentDate
lblParentMain
lblParentMaster1Main
lblParentMaster1Normal
lblParentMaster2Main
lblParentMaster2Normal
lblParentMaster3Main
lblParentMaster3Normal
lblParentMaster4Main
lblParentMaster4Normal
lblParentMaster5Main
lblParentMaster5Normal
lblParentNormal
lF06}e%
L>%hip
{lhR\h
l?<newektoworgo
LoadLibraryA
Locate a record
Lo/Yj@
LTC\M^
{=|Ly/
Make_Connection
MC3ea{
MCh5'F
M/c^k%
Medicine
Medicine Code :
Medicine Name :
Medicines / General Items
MethCallEngine
[%m*faH.6
m[jM:|
MJ%}`v
mMDX{"
MonthView
)#`	Moyf`
mpolikujh
MQ?vBc@A
Msc'cv6vz
MSCOMCT2.OCX
MSComCtl2
MSComCtl2.Animation
MSComCtl2.DTPicker
MSComCtl2.FlatScrollBar
MSComCtl2.MonthView
MSComCtl2.UpDown
MSDataGridLib
MSDataGridLib.DataGrid
MSDataListLib
MSDataListLib.DataCombo
MSDataListLib.DataList
MSDATGRD.OCX
MSDATLST.OCX
MS Sans Serif
MSVBVM60.DLL
@#-,n[
,%;#N@
nc(8C4D#
newektoworgo
newektoworgoUXTQRSXWWPPVSQXSUVORXTVRXROSXOVSQXSRSVSRQUOOSRRXUVnewektoworgo
?)ng(m?[
)Nk)`}
N=m3EP
NM5[r]
NNNNNNNNN)
(%nRxPTL
/NVwKy
"'nXql
=NY7Sh
=O37sjkt
O8KE5[
o9Ta*6
oA?U8G
o/e,~u
$)oFSn
Ogmgn.
)oNjo$
oooo0a
OpenProcess
optGeneral
optMedicine
oQ:Bw0
OQp"Q^
Os:>xK
O&#~+<u
oUV<@"
O&v?!/
OYY{hr
P`)`,:
+$)p6&
Packing :
PalYf?
-p/C~j|
%~Pc?w
]pFF0WS
p}}J=.
pooo0a
(pqV)+
p)^R,#2
ProcCallEngine
Process32First
Process32Next
Product Name :
p,SH&F/\
$pT/3*
(Purchase Rate)
~pzPA8
pzYw8`
|qap	ry$
qbDD%M
QB)h#7?$f
\q]Bi9
:\QbmP
Q^cse`#)
qF=Bi5
qg{y1v
QhI8Wr`ROJ
Q_jA?^
qKk"i4
!q{pm$(Q
QS4$^sbs
:"Qt{*
qtxtParentDate
qw}&F6s
QWG"m4
~({QY0
(q'?.Yh8
;R*8`w
r9G{ 	
ReadFile
Receipt Rate :
Refresh_Combos
RightToLeft
'	R]l-
RLqsu}C
RowMember
RowSource
r}pzec
&rqC8D
rR2`du
RtlMoveMemory
rvrvoop[[[<<<<:::L49
_	rwA9
.rwVV={
rZNE]L
=RZoXM
@'s2}]Q
S{=`7I0N>ZH
sA*<h,
SB.n4j
Search  (Click on row to locate that record. Press Esc to hide this box)
Select record from drop down list
Set_Fields
.sNX9m
strCond
Supplier Code :
Supplier Name :
Supplier's City :
!<sv4s
Sx4{|n
SystemParametersInfoW
t%%.',
T_4t4o
t82kGDL$
,T8fkC
TabAcrossSplits
TabAction
TCj/lt
TerminateProcess
!This program cannot be run in DOS mode.
	tkD	H)r
/tl_J*
/(Tm	>1
%`[TNae
"|;tnW
+&TO}(
%#TP'H
ttttt<|
)Tw+a=
txtMasterParent1Normal
txtMasterParent2Normal
txtMasterParent3Normal
txtMasterParent4Normal
txtMasterParent5Main
txtMasterParent5Normal
txtParentDate
txtParentMain
txtParentMaster1Main
txtParentMaster1Normal
txtParentMaster2Main
txtParentMaster2Normal
txtParentMaster3Main
txtParentMaster3Main(0)
txtParentMaster3Normal
txtParentMaster4Main
txtParentMaster4Main(0)
txtParentMaster4Normal
txtParentMaster5Main
txtParentMaster5Main(0)
txtParentMaster5Normal
txtParentNormal
txtSearchValue
txtStr
txtWarranty Over Date :
txW{Ee
T+Z+{v
],U>0R
'U4P:^
U4Qkh-
u4@Vm$
u|%~<}7
u8	G%l;
u9<8;{E}
*U*?cf
@UdMVl
@-U>FA
U@gW`A
uigigigig
uJ5$c3
uKapR^
U'KzZR
Unit :
uO'I;{
UpDown
U'Qkd,
(*}uqn\
user32.dll
USer32.DlL
	utX9A/P?
UU\}|p
Uw)Hxt
uwZW!y
V1Mp	XI
VaH]nn
Value :
VBA6.DLL
__vbaExceptHandler
Vhr}c5
vJUNiK
Vk4 uJ
Vl+(1I
VN.'4.
=v&QP`
		 VT-
;w0Hl7
W6EQ.r
#w	:9j
wc;Y~^_(
W/E6sp
=wFb[(q
w<^<Qv:9s
WrapCellPointer
WriteProcessMemory
_,W"UT
wwwwwwp
wwwwwwW
wwWXwX
_wxaegJ
wXwxxwuuuw
X{1+tDJH
X8O	0A@
X8O	(A@
XaoSHrY
%[xGy$
??xI`@
xit:fr
&{XJEkBu
X&L, `
	xo^or
xQe:xPY
XsmmppppppppppmC
xTJ(ol7~
xuuuewWwVWWw
x-V/,.Q
xwuwuw
xwwxwWwW
||||xxpU
xxWwPw
xxxr0,
xXxxww|u}w
xZ:Y{_J
Y0Qu6[
y	3|=^D
}Y,68v
*:Y8%=c
Y[9,s-
`y+a>"
YB]Pz)\>
yD^bM_
;y(Ddm
yDm&lV
ygs?B 
yIH5SJ
YiNO#B
;YI-u^
`$y'(,,k
ym~j}9T
-y;}}o
yP6AxX#Z
yr{Z}D[6
ySHgVw-
Y@S-=n-
Ytd:[	
@yWGoc
yX2^>#>Ve)
}}yyyyvv|U
Z5_8,'
{z7{G6b
\?ZC9V
Zf7Fl]
zh%7x?it
zib]rg
>Z'@ih
ZKkhHh
]zK  my
Z,}LC&
Z}.LIu
ZO9q(#qt
Z~!["r
;\`z_rD
\ZU&E94
z-Y9ka