Cuckoo Sandbox

PE Compile Time

2009-01-06 06:02:14

PE Imphash

bfbf457d52153d2191e67bb6c9212334

Sections

Name	Virtual Address	Virtual Size	Size of Raw Data	Entropy
UPX0	0x00001000	0x00010000	0x0000a400	4.66212694415
UPX1	0x00011000	0x00004000	0x00003e00	4.41246856521
.rsrc	0x00015000	0x00006000	0x00005e00	4.19218612721
.imports	0x0001b000	0x00001000	0x00000200	2.18633120032

Resources

Name	Offset	Size	Language	Sub-language	File type
RT_ICON	0x0001a4f8	0x00000468	LANG_NEUTRAL	SUBLANG_NEUTRAL	Device independent bitmap graphic, 16 x 32 x 32, image size 1088
RT_ICON	0x0001a4f8	0x00000468	LANG_NEUTRAL	SUBLANG_NEUTRAL	Device independent bitmap graphic, 16 x 32 x 32, image size 1088
RT_ICON	0x0001a4f8	0x00000468	LANG_NEUTRAL	SUBLANG_NEUTRAL	Device independent bitmap graphic, 16 x 32 x 32, image size 1088
RT_ICON	0x0001a4f8	0x00000468	LANG_NEUTRAL	SUBLANG_NEUTRAL	Device independent bitmap graphic, 16 x 32 x 32, image size 1088
RT_ICON	0x0001a4f8	0x00000468	LANG_NEUTRAL	SUBLANG_NEUTRAL	Device independent bitmap graphic, 16 x 32 x 32, image size 1088
RT_ICON	0x0001a4f8	0x00000468	LANG_NEUTRAL	SUBLANG_NEUTRAL	Device independent bitmap graphic, 16 x 32 x 32, image size 1088
RT_GROUP_ICON	0x0001a964	0x0000005c	LANG_NEUTRAL	SUBLANG_NEUTRAL	data
RT_VERSION	0x0001a9c4	0x00000224	LANG_ENGLISH	SUBLANG_ENGLISH_US	data

Imports

Library MSVBVM60.DLL:

• 0x401000 MethCallEngine

• 0x401004 None

• 0x401008 None

• 0x40100c None

• 0x401010 None

• 0x401014 None

• 0x401018 None

• 0x40101c EVENT_SINK_AddRef

• 0x401020 None

• 0x401024 DllFunctionCall

• 0x401028 None

• 0x40102c EVENT_SINK_Release

• 0x401030 None

• 0x401034 None

• 0x401038 EVENT_SINK_QueryInterface

• 0x40103c __vbaExceptHandler

• 0x401040 None

• 0x401044 None

• 0x401048 None

• 0x40104c None

• 0x401050 ProcCallEngine

• 0x401054 None

• 0x401058 None

• 0x40105c None

• 0x401060 None

• 0x401064 None

• 0x401068 None

• 0x40106c None

• 0x401070 None

• 0x401074 None

• 0x401078 None

• 0x40107c None

!This program cannot be run in DOS mode.
.imports
Project1
frm_main
jjjjjjjjjjjjjjjjjjjjjjjjjj
jjjjjjjjjjjjjjjjjjjjjjjjjj
dddddddddddddddddddddddddd
dddddddddddddddddddddddddd
__________________________
$%12V44)
zzzzzzzzzzzzzzz
/Z
bcdddddddddef
/Ygggggggggggggg
(YZZ[a
(YYZZZ
deEFGH
12344*z
bbbbbbbbbbbbbbb
UUUUUUUUUUUUUUUC
w@gylz///////
cDefE!gYjjiiijj2mnop
UUCCCDVWX
YZZ[\2^
23456789:
"#$%&'()*+,
bcdefghi
WXYZ[\]^_`a
LMNOPQRSTUV
CDEFGGGHIJK
9:;<=>>?@AB
345678
$%&'()*+,-.
Timer1
musicvn
Microsoft Windows
Project1
Project1
frm_main
class_main
module_main
module_bind
module_rnd
module_registry
module_until
module_path
module_check
Module1
module_funny
C:\Program Files\Microsoft Visual Studio\VB98\VB6.OLB
Timer1
kernel32
CreateMutexA
ReleaseMutex
CloseHandle
VBA6.DLL
C:\WINDOWS\system32\msvbvm60.dll\3
advapi32.dll
RegSetValueExA
FindWindowA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
RegSaveKeyA
RegRestoreKeyA
RegEnumKeyExA
RegEnumValueA
RegCreateKeyA
AdjustTokenPrivileges
user32
LookupPrivilegeValueA
OpenProcessToken
GetCurrentProcess
FindWindowExA
SendMessageA
PostMessageA
GetFileAttributesA
ExitWindowsEx
GetWindowTextA
GetWindowTextLengthA
MethCallEngine
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ProcCallEngine
`.data
[I|#pus
0n;Oza/`
module
egistry
untilW
checkM1
f4n@3K
gram Fi
/)ual Studio\VB98
d#BVh[
3Kk!nel32
ZNCx4Sr
~@HKr$/
d=42F7i
cAnDLL
WINDOWS\sy)
\msvbvm60.
JFoH;a
(4qivFg.
urrDtQ
in'dzr
TextAGh\2$
GLxgth+
NjH_]a
wrc%C1
.y,x8'
R9l-qS/l
u:SfNq
D&`{!E$
8s+pfh
<*l0L\
tXn?$WX
YQ`[\`
X\X\$Y.
BjBBbX
dC-!v:
ddLPLLA&
\PYTYL2
3fGTO7`
MethCallEn
EVENT_SINK_AddRef$
D2Function>
__vbaEx
d'.Vxt
G`.data`1
XPTPSW
jjjjjjjjjjjjjjjjjjjjjjjjjj
jjjjjjjjjjjjjjjjjjjjjjjjjj
dddddddddddddddddddddddddd
dddddddddddddddddddddddddd
__________________________
$%12V44)
zzzzzzzzzzzzzzz
/Z
bcdddddddddef
/Ygggggggggggggg
(YZZ[a
(YYZZZ
deEFGH
12344*z
bbbbbbbbbbbbbbb
UUUUUUUUUUUUUUUC
w@gylz///////
cDefE!gYjjiiijj2mnop
UUCCCDVWX
YZZ[\2^
23456789:
"#$%&'()*+,
bcdefghi
WXYZ[\]^_`a
LMNOPQRSTUV
CDEFGGGHIJK
9:;<=>>?@AB
345678
$%&'()*+,-.
KERNEL32.DLL
MSVBVM60.DLL
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
MSVBVM60.DLL
MethCallEngine
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ProcCallEngine
!This program cannot be run in DOS mode.
(H2222
`|X22220L4D2222
h2222T@tx2222lp<P22228
Project1
frm_main
$%12V44)
(YZZ[a
w@gylz/
cDOE!gYjji
D\2^~7j
56789:
;Y6]^_`a
OPQRSTUV=G
%;<=>>?@AB
LU.([!
vcOkdu
Form1vg
$HT~_ 
tt#\Yx
musicvnWV
rosoft Windows
nK(~nOn=
[I|#pus
0n;Oza/`
module
egistry
untilW
checkM1
f4n@3K
gram Fi
/)ual Studio\VB98
d#BVh[
3Kk!nel32
ZNCx4Sr
~@HKr$/
d=42F7i
cAnDLL
WINDOWS\sy)
\msvbvm60.
JFoH;a
(4qivFg.
urrDtQ
in'dzr
TextAGh\2$
GLxgth+
NjH_]a
wrc%C1
.y,x8'
R9l-qS/l
u:SfNq
D&`{!E$
8s+pfh
<*l0L\
tXn?$WX
YQ`[\`
X\X\$Y.
BjBBbX
dC-!v:
ddLPLLA&
\PYTYL2
3fGTO7`
MethCallEn
EVENT_SINK_AddRef$
D2Function>
__vbaEx
d'.Vxt
G`.data`1
XPTPSW
jjjjjjjjjjjjjjjjjjjjjjjjjj
jjjjjjjjjjjjjjjjjjjjjjjjjj
dddddddddddddddddddddddddd
dddddddddddddddddddddddddd
__________________________
$%12V44)
zzzzzzzzzzzzzzz
/Z
bcdddddddddef
/Ygggggggggggggg
(YZZ[a
(YYZZZ
deEFGH
12344*z
bbbbbbbbbbbbbbb
UUUUUUUUUUUUUUUC
w@gylz///////
cDefE!gYjjiiijj2mnop
UUCCCDVWX
YZZ[\2^
23456789:
"#$%&'()*+,
bcdefghi
WXYZ[\]^_`a
LMNOPQRSTUV
CDEFGGGHIJK
9:;<=>>?@AB
345678
$%&'()*+,-.
KERNEL32.DLL
MSVBVM60.DLL
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
!This program cannot be run in DOS mode.
(H2222
`|X22220L4D2222
h2222T@tx2222lp<P22228
Project1
frm_main
$%12V44)
(YZZ[a
w@gylz/
cDOE!gYjji
D\2^~7j
56789:
;Y6]^_`a
OPQRSTUV=G
%;<=>>?@AB
LU.([!
vcOkdu
Form1vg
$HT~_ 
tt#\Yx
musicvnWV
rosoft Windows
nK(~nOn=
[I|#pus
0n;Oza/`
module
egistry
untilW
checkM1
f4n@3K
gram Fi
/)ual Studio\VB98
d#BVh[
3Kk!nel32
ZNCx4Sr
~@HKr$/
d=42F7i
cAnDLL
WINDOWS\sy)
\msvbvm60.
JFoH;a
(4qivFg.
urrDtQ
in'dzr
TextAGh\2$
GLxgth+
NjH_]a
wrc%C1
.y,x8'
R9l-qS/l
u:SfNq
D&`{!E$
8s+pfh
<*l0L\
tXn?$WX
YQ`[\`
X\X\$Y.
BjBBbX
dC-!v:
ddLPLLA&
\PYTYL2
3fGTO7`
MethCallEn
EVENT_SINK_AddRef$
D2Function>
__vbaEx
d'.Vxt
G`.data`1
XPTPSW
jjjjjjjjjjjjjjjjjjjjjjjjjj
jjjjjjjjjjjjjjjjjjjjjjjjjj
dddddddddddddddddddddddddd
dddddddddddddddddddddddddd
__________________________
$%12V44)
zzzzzzzzzzzzzzz
/Z
bcdddddddddef
/Ygggggggggggggg
(YZZ[a
(YYZZZ
deEFGH
12344*z
bbbbbbbbbbbbbbb
UUUUUUUUUUUUUUUC
w@gylz///////
cDefE!gYjjiiijj2mnop
UUCCCDVWX
YZZ[\2^
23456789:
"#$%&'()*+,
bcdefghi
WXYZ[\]^_`a
LMNOPQRSTUV
CDEFGGGHIJK
9:;<=>>?@AB
345678
$%&'()*+,-.
KERNEL32.DLL
MSVBVM60.DLL
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
!This program cannot be run in DOS mode.
(H2222
`|X22220L4D2222
h2222T@tx2222lp<P22228
Project1
frm_main
$%12V44)
(YZZ[a
w@gylz/
cDOE!gYjji
D\2^~7j
56789:
;Y6]^_`a
OPQRSTUV=G
%;<=>>?@AB
LU.([!
vcOkdu
Form1vg
$HT~_ 
tt#\Yx
musicvnWV
rosoft Windows
nK(~nOn=
[I|#pus
0n;Oza/`
module
egistry
untilW
checkM1
f4n@3K
gram Fi
/)ual Studio\VB98
d#BVh[
3Kk!nel32
ZNCx4Sr
~@HKr$/
d=42F7i
cAnDLL
WINDOWS\sy)
\msvbvm60.
JFoH;a
(4qivFg.
urrDtQ
in'dzr
TextAGh\2$
GLxgth+
NjH_]a
wrc%C1
.y,x8'
R9l-qS/l
u:SfNq
D&`{!E$
8s+pfh
<*l0L\
tXn?$WX
YQ`[\`
X\X\$Y.
BjBBbX
dC-!v:
ddLPLLA&
\PYTYL2
3fGTO7`
MethCallEn
EVENT_SINK_AddRef$
D2Function>
__vbaEx
d'.Vxt
G`.data`1
XPTPSW
jjjjjjjjjjjjjjjjjjjjjjjjjj
jjjjjjjjjjjjjjjjjjjjjjjjjj
dddddddddddddddddddddddddd
dddddddddddddddddddddddddd
__________________________
$%12V44)
zzzzzzzzzzzzzzz
/Z
bcdddddddddef
/Ygggggggggggggg
(YZZ[a
(YYZZZ
deEFGH
12344*z
bbbbbbbbbbbbbbb
UUUUUUUUUUUUUUUC
w@gylz///////
cDefE!gYjjiiijj2mnop
UUCCCDVWX
YZZ[\2^
23456789:
"#$%&'()*+,
bcdefghi
WXYZ[\]^_`a
LMNOPQRSTUV
CDEFGGGHIJK
9:;<=>>?@AB
345678
$%&'()*+,-.
KERNEL32.DLL
MSVBVM60.DLL
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
!This program cannot be run in DOS mode.
(H2222
`|X22220L4D2222
h2222T@tx2222lp<P22228
Project1
frm_main
$%12V44)
(YZZ[a
w@gylz/
cDOE!gYjji
D\2^~7j
56789:
;Y6]^_`a
OPQRSTUV=G
%;<=>>?@AB
LU.([!
vcOkdu
Form1vg
$HT~_ 
tt#\Yx
musicvnWV
rosoft Windows
nK(~nOn=
[I|#pus
0n;Oza/`
module
egistry
untilW
checkM1
f4n@3K
gram Fi
/)ual Studio\VB98
d#BVh[
3Kk!nel32
ZNCx4Sr
~@HKr$/
d=42F7i
cAnDLL
WINDOWS\sy)
\msvbvm60.
JFoH;a
(4qivFg.
urrDtQ
in'dzr
TextAGh\2$
GLxgth+
NjH_]a
wrc%C1
.y,x8'
R9l-qS/l
u:SfNq
D&`{!E$
8s+pfh
<*l0L\
tXn?$WX
YQ`[\`
X\X\$Y.
BjBBbX
dC-!v:
ddLPLLA&
\PYTYL2
3fGTO7`
MethCallEn
EVENT_SINK_AddRef$
D2Function>
__vbaEx
d'.Vxt
G`.data`1
XPTPSW
jjjjjjjjjjjjjjjjjjjjjjjjjj
jjjjjjjjjjjjjjjjjjjjjjjjjj
dddddddddddddddddddddddddd
dddddddddddddddddddddddddd
__________________________
$%12V44)
zzzzzzzzzzzzzzz
/Z
bcdddddddddef
/Ygggggggggggggg
(YZZ[a
(YYZZZ
deEFGH
12344*z
bbbbbbbbbbbbbbb
UUUUUUUUUUUUUUUC
w@gylz///////
cDefE!gYjjiiijj2mnop
UUCCCDVWX
YZZ[\2^
23456789:
"#$%&'()*+,
bcdefghi
WXYZ[\]^_`a
LMNOPQRSTUV
CDEFGGGHIJK
9:;<=>>?@AB
345678
$%&'()*+,-.
KERNEL32.DLL
MSVBVM60.DLL
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
!This program cannot be run in DOS mode.
(H2222
`|X22220L4D2222
h2222T@tx2222lp<P22228
Project1
frm_main
$%12V44)
(YZZ[a
w@gylz/
cDOE!gYjji
D\2^~7j
56789:
;Y6]^_`a
OPQRSTUV=G
%;<=>>?@AB
LU.([!
vcOkdu
Form1vg
$HT~_ 
tt#\Yx
musicvnWV
rosoft Windows
nK(~nOn=
[I|#pus
0n;Oza/`
module
egistry
untilW
checkM1
f4n@3K
gram Fi
/)ual Studio\VB98
d#BVh[
3Kk!nel32
ZNCx4Sr
~@HKr$/
d=42F7i
cAnDLL
WINDOWS\sy)
\msvbvm60.
JFoH;a
(4qivFg.
urrDtQ
in'dzr
TextAGh\2$
GLxgth+
NjH_]a
wrc%C1
.y,x8'
R9l-qS/l
u:SfNq
D&`{!E$
8s+pfh
<*l0L\
tXn?$WX
YQ`[\`
X\X\$Y.
BjBBbX
dC-!v:
ddLPLLA&
\PYTYL2
3fGTO7`
MethCallEn
EVENT_SINK_AddRef$
D2Function>
__vbaEx
d'.Vxt
G`.data`1
XPTPSW
jjjjjjjjjjjjjjjjjjjjjjjjjj
jjjjjjjjjjjjjjjjjjjjjjjjjj
dddddddddddddddddddddddddd
dddddddddddddddddddddddddd
__________________________
$%12V44)
zzzzzzzzzzzzzzz
/Z
bcdddddddddef
/Ygggggggggggggg
(YZZ[a
(YYZZZ
deEFGH
12344*z
bbbbbbbbbbbbbbb
UUUUUUUUUUUUUUUC
w@gylz///////
cDefE!gYjjiiijj2mnop
UUCCCDVWX
YZZ[\2^
23456789:
"#$%&'()*+,
bcdefghi
WXYZ[\]^_`a
LMNOPQRSTUV
CDEFGGGHIJK
9:;<=>>?@AB
345678
$%&'()*+,-.
KERNEL32.DLL
MSVBVM60.DLL
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
!This program cannot be run in DOS mode.
(H2222
`|X22220L4D2222
h2222T@tx2222lp<P22228
Project1
frm_main
$%12V44)
(YZZ[a
w@gylz/
cDOE!gYjji
D\2^~7j
56789:
;Y6]^_`a
OPQRSTUV=G
%;<=>>?@AB
LU.([!
vcOkdu
Form1vg
$HT~_ 
tt#\Yx
musicvnWV
rosoft Windows
nK(~nOn=
[I|#pus
0n;Oza/`
module
egistry
untilW
checkM1
f4n@3K
gram Fi
/)ual Studio\VB98
d#BVh[
3Kk!nel32
ZNCx4Sr
~@HKr$/
d=42F7i
cAnDLL
WINDOWS\sy)
\msvbvm60.
JFoH;a
(4qivFg.
urrDtQ
in'dzr
TextAGh\2$
GLxgth+
NjH_]a
wrc%C1
.y,x8'
R9l-qS/l
u:SfNq
D&`{!E$
8s+pfh
<*l0L\
tXn?$WX
YQ`[\`
X\X\$Y.
BjBBbX
dC-!v:
ddLPLLA&
\PYTYL2
3fGTO7`
MethCallEn
EVENT_SINK_AddRef$
D2Function>
__vbaEx
d'.Vxt
G`.data`1
XPTPSW
jjjjjjjjjjjjjjjjjjjjjjjjjj
jjjjjjjjjjjjjjjjjjjjjjjjjj
dddddddddddddddddddddddddd
dddddddddddddddddddddddddd
__________________________
$%12V44)
zzzzzzzzzzzzzzz
/Z
bcdddddddddef
/Ygggggggggggggg
(YZZ[a
(YYZZZ
deEFGH
12344*z
bbbbbbbbbbbbbbb
UUUUUUUUUUUUUUUC
w@gylz///////
cDefE!gYjjiiijj2mnop
UUCCCDVWX
YZZ[\2^
23456789:
"#$%&'()*+,
bcdefghi
WXYZ[\]^_`a
LMNOPQRSTUV
CDEFGGGHIJK
9:;<=>>?@AB
345678
$%&'()*+,-.
KERNEL32.DLL
MSVBVM60.DLL
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
!This program cannot be run in DOS mode.
(H2222
`|X22220L4D2222
h2222T@tx2222lp<P22228
Project1
frm_main
$%12V44)
(YZZ[a
w@gylz/
cDOE!gYjji
D\2^~7j
56789:
;Y6]^_`a
OPQRSTUV=G
%;<=>>?@AB
LU.([!
vcOkdu
Form1vg
$HT~_ 
tt#\Yx
musicvnWV
rosoft Windows
nK(~nOn=
[I|#pus
0n;Oza/`
module
egistry
untilW
checkM1
f4n@3K
gram Fi
/)ual Studio\VB98
d#BVh[
3Kk!nel32
ZNCx4Sr
~@HKr$/
d=42F7i
cAnDLL
WINDOWS\sy)
\msvbvm60.
JFoH;a
(4qivFg.
urrDtQ
in'dzr
TextAGh\2$
GLxgth+
NjH_]a
wrc%C1
.y,x8'
R9l-qS/l
u:SfNq
D&`{!E$
8s+pfh
<*l0L\
tXn?$WX
YQ`[\`
X\X\$Y.
BjBBbX
dC-!v:
ddLPLLA&
\PYTYL2
3fGTO7`
MethCallEn
EVENT_SINK_AddRef$
D2Function>
__vbaEx
d'.Vxt
G`.data`1
XPTPSW
jjjjjjjjjjjjjjjjjjjjjjjjjj
jjjjjjjjjjjjjjjjjjjjjjjjjj
dddddddddddddddddddddddddd
dddddddddddddddddddddddddd
__________________________
$%12V44)
zzzzzzzzzzzzzzz
/Z
bcdddddddddef
/Ygggggggggggggg
(YZZ[a
(YYZZZ
deEFGH
12344*z
bbbbbbbbbbbbbbb
UUUUUUUUUUUUUUUC
w@gylz///////
cDefE!gYjjiiijj2mnop
UUCCCDVWX
YZZ[\2^
23456789:
"#$%&'()*+,
bcdefghi
WXYZ[\]^_`a
LMNOPQRSTUV
CDEFGGGHIJK
9:;<=>>?@AB
345678
$%&'()*+,-.
KERNEL32.DLL
MSVBVM60.DLL
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
!This program cannot be run in DOS mode.
(H2222
`|X22220L4D2222
h2222T@tx2222lp<P22228
Project1
frm_main
$%12V44)
(YZZ[a
w@gylz/
cDOE!gYjji
D\2^~7j
56789:
;Y6]^_`a
OPQRSTUV=G
%;<=>>?@AB
LU.([!
vcOkdu
Form1vg
$HT~_ 
tt#\Yx
musicvnWV
rosoft Windows
nK(~nOn=
[I|#pus
0n;Oza/`
module
egistry
untilW
checkM1
f4n@3K
gram Fi
/)ual Studio\VB98
d#BVh[
3Kk!nel32
ZNCx4Sr
~@HKr$/
d=42F7i
cAnDLL
WINDOWS\sy)
\msvbvm60.
JFoH;a
(4qivFg.
urrDtQ
in'dzr
TextAGh\2$
GLxgth+
NjH_]a
wrc%C1
.y,x8'
R9l-qS/l
u:SfNq
D&`{!E$
8s+pfh
<*l0L\
tXn?$WX
YQ`[\`
X\X\$Y.
BjBBbX
dC-!v:
ddLPLLA&
\PYTYL2
3fGTO7`
MethCallEn
EVENT_SINK_AddRef$
D2Function>
__vbaEx
d'.Vxt
G`.data`1
XPTPSW
jjjjjjjjjjjjjjjjjjjjjjjjjj
jjjjjjjjjjjjjjjjjjjjjjjjjj
dddddddddddddddddddddddddd
dddddddddddddddddddddddddd
__________________________
$%12V44)
zzzzzzzzzzzzzzz
/Z
bcdddddddddef
/Ygggggggggggggg
(YZZ[a
(YYZZZ
deEFGH
12344*z
bbbbbbbbbbbbbbb
UUUUUUUUUUUUUUUC
w@gylz///////
cDefE!gYjjiiijj2mnop
UUCCCDVWX
YZZ[\2^
23456789:
"#$%&'()*+,
bcdefghi
WXYZ[\]^_`a
LMNOPQRSTUV
CDEFGGGHIJK
9:;<=>>?@AB
345678
$%&'()*+,-.
KERNEL32.DLL
MSVBVM60.DLL
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
!This program cannot be run in DOS mode.
(H2222
`|X22220L4D2222
h2222T@tx2222lp<P22228
Project1
frm_main
$%12V44)
(YZZ[a
w@gylz/
cDOE!gYjji
D\2^~7j
56789:
;Y6]^_`a
OPQRSTUV=G
%;<=>>?@AB
LU.([!
vcOkdu
Form1vg
$HT~_ 
tt#\Yx
musicvnWV
rosoft Windows
nK(~nOn=
[I|#pus
0n;Oza/`
module
egistry
untilW
checkM1
f4n@3K
gram Fi
/)ual Studio\VB98
d#BVh[
3Kk!nel32
ZNCx4Sr
~@HKr$/
d=42F7i
cAnDLL
WINDOWS\sy)
\msvbvm60.
JFoH;a
(4qivFg.
urrDtQ
in'dzr
TextAGh\2$
GLxgth+
NjH_]a
wrc%C1
.y,x8'
R9l-qS/l
u:SfNq
D&`{!E$
8s+pfh
<*l0L\
tXn?$WX
YQ`[\`
X\X\$Y.
BjBBbX
dC-!v:
ddLPLLA&
\PYTYL2
3fGTO7`
MethCallEn
EVENT_SINK_AddRef$
D2Function>
__vbaEx
d'.Vxt
G`.data`1
XPTPSW
jjjjjjjjjjjjjjjjjjjjjjjjjj
jjjjjjjjjjjjjjjjjjjjjjjjjj
dddddddddddddddddddddddddd
dddddddddddddddddddddddddd
__________________________
$%12V44)
zzzzzzzzzzzzzzz
/Z
bcdddddddddef
/Ygggggggggggggg
(YZZ[a
(YYZZZ
deEFGH
12344*z
bbbbbbbbbbbbbbb
UUUUUUUUUUUUUUUC
w@gylz///////
cDefE!gYjjiiijj2mnop
UUCCCDVWX
YZZ[\2^
23456789:
"#$%&'()*+,
bcdefghi
WXYZ[\]^_`a
LMNOPQRSTUV
CDEFGGGHIJK
9:;<=>>?@AB
345678
$%&'()*+,-.
KERNEL32.DLL
MSVBVM60.DLL
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
@C:\Documents and Settings\DucDun
*\AD:\Lap Trinh\Virus Mau\Pro 3\Pro3.vbp
SeRestorePrivilege
SeBackupPrivilege
Access is denied
System
HideFileExt
Software\Microsoft\Windows\CurrentVersion\Explorer
Logon User Name
Hidden
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CabinetState
FullPath
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoFolderOptions
Software\Microsoft\Windows\CurrentVersion\Explorer\Streams
Settings
Scripting.FileSystemObject
CreateTextFile
temp.zip
Shell.Application
Namespace
CopyHere
backup
System Restore
update
CabinetWClass
ExploreWClass
Happy BirthDay my's Boss
Merry Christmas
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
040904B0
CompanyName
ProductName
Microsoft Windows
FileVersion
1.00.0057
ProductVersion
1.00.0057
InternalName
musicvn
OriginalFilename
musicvn.exe
(5%&'37
34456:
&*/3333,7
$%%%%
!!!5588844445
 ###$
******&&''((
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
040904B0
CompanyName
ProductName
Microsoft Windows
FileVersion
1.00.0057
ProductVersion
1.00.0057
InternalName
musicvn
OriginalFilename
musicvn.exe
(5%&'37
34456:
&*/3333,7
$%%%%
!!!5588844445
 ###$
******&&''((
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
040904B0
CompanyName
ProductName
Microsoft Windows
FileVersion
1.00.0057
ProductVersion
1.00.0057
InternalName
musicvn
OriginalFilename
musicvn.exe
(5%&'37
34456:
&*/3333,7
$%%%%
!!!5588844445
 ###$
******&&''((
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
040904B0
CompanyName
ProductName
Microsoft Windows
FileVersion
1.00.0057
ProductVersion
1.00.0057
InternalName
musicvn
OriginalFilename
musicvn.exe
(5%&'37
34456:
&*/3333,7
$%%%%
!!!5588844445
 ###$
******&&''((
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
040904B0
CompanyName
ProductName
Microsoft Windows
FileVersion
1.00.0057
ProductVersion
1.00.0057
InternalName
musicvn
OriginalFilename
musicvn.exe
(5%&'37
34456:
&*/3333,7
$%%%%
!!!5588844445
 ###$
******&&''((
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
040904B0
CompanyName
ProductName
Microsoft Windows
FileVersion
1.00.0057
ProductVersion
1.00.0057
InternalName
musicvn
OriginalFilename
musicvn.exe
(5%&'37
34456:
&*/3333,7
$%%%%
!!!5588844445
 ###$
******&&''((
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
040904B0
CompanyName
ProductName
Microsoft Windows
FileVersion
1.00.0057
ProductVersion
1.00.0057
InternalName
musicvn
OriginalFilename
musicvn.exe
(5%&'37
34456:
&*/3333,7
$%%%%
!!!5588844445
 ###$
******&&''((
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
040904B0
CompanyName
ProductName
Microsoft Windows
FileVersion
1.00.0057
ProductVersion
1.00.0057
InternalName
musicvn
OriginalFilename
musicvn.exe
(5%&'37
34456:
&*/3333,7
$%%%%
!!!5588844445
 ###$
******&&''((
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
040904B0
CompanyName
ProductName
Microsoft Windows
FileVersion
1.00.0057
ProductVersion
1.00.0057
InternalName
musicvn
OriginalFilename
musicvn.exe
(5%&'37
34456:
&*/3333,7
$%%%%
!!!5588844445
 ###$
******&&''((
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
040904B0
CompanyName
ProductName
Microsoft Windows
FileVersion
1.00.0057
ProductVersion
1.00.0057
InternalName
musicvn
OriginalFilename
musicvn.exe
(5%&'37
34456:
&*/3333,7
$%%%%
!!!5588844445
 ###$
******&&''((
!#969:
,-..//9%&&&
))))-;
****0 *
#'(,-.//7(2414
22233/14567
()*,,-4
%!!!!$$!"$%%&+5013334;
!"-00011./01125
"#'())  !"""#'(
 $'()-
&&''"$&12
&():;78:;;
"$&2236
%#%&))
)*-.//

Antivirus	Signature
Bkav	W32.AIDetectMalware
Lionic	Clean
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.Generic.4385790
CMC	Clean
CAT-QuickHeal	Trojan.Ghanarava.173252121345ebec
Skyhigh	BehavesLike.Win32.Generic.gm
ALYac	Trojan.Generic.4385790
Cylance	Unsafe
Zillya	Trojan.Vilsel.Win32.13108
Sangfor	Worm.Win32.VB.pro3
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	Clean
K7GW	Trojan ( 005640b91 )
K7AntiVirus	Trojan ( 005640b91 )
huorong	Trojan/VBCode.aa
Baidu	Win32.Trojan.VB.x
Paloalto	Clean
Symantec	W32.Vilsel!gen1
tehtris	Generic.Malware
ESET-NOD32	Win32/VB.OZA
APEX	Malicious
Avast	Win32:Trojan-gen
Cynet	Malicious (score: 100)
Kaspersky	Trojan.Win32.Vilsel.loy
BitDefender	Trojan.Generic.4385790
NANO-Antivirus	Trojan.Win32.Vilsel.junlqn
ViRobot	Clean
Tencent	Trojan.Win32.VB.ctb
Sophos	Troj/VB-LET
F-Secure	Trojan.TR/ATRAPS.Gen2
DrWeb	Trojan.Copyself.102
VIPRE	Trojan.Generic.4385790
TrendMicro	WORM_VILSEL.SMB
McAfeeD	Real Protect-LS!D75E6386F37D
Trapmine	malicious.high.ml.score
CTX	exe.trojan.generic
Emsisoft	Trojan.Generic.4385790 (B)
Ikarus	Trojan.Win32.Plugx
GData	Win32.Trojan.Vilsel.A
Jiangmin	Trojan.Vilsel.dbg
Webroot	W32.Trojan.Gen
Varist	W32/VB.ADL.gen!Eldorado
Avira	TR/ATRAPS.Gen2
Antiy-AVL	Virus/Win32.Expiro.imp
Kingsoft	malware.kb.a.1000
Gridinsoft	Malware.Win32.Gen.bot!se30272
Xcitium	Packed.Win32.MUPX.Gen@24tbus
Arcabit	Trojan.Generic.D42EBFE
SUPERAntiSpyware	Trojan.Agent/Gen-Dropper
ZoneAlarm	Troj/VB-LET
Microsoft	Trojan:Win32/PlugX!pz
Google	Detected
AhnLab-V3	Trojan/Win32.Vilsel.C3039225
Acronis	suspicious
VBA32	SScope.Trojan.VB
TACHYON	Trojan/W32.VB-Agent.457485
Malwarebytes	Chir.Spyware.Infostealer.DDS
Panda	Trj/Vilsel.V
Zoner	Clean
TrendMicro-HouseCall	WORM_VILSEL.SMB
Rising	Trojan.VB!1.BAD4 (CLASSIC)
Yandex	Trojan.Vilsel!vfXGGqBiRvQ
TrellixENS	Generic VB.z
SentinelOne	Static AI - Malicious PE
Fortinet	W32/Agent.OZA!worm
AVG	Win32:Trojan-gen
DeepInstinct	MALICIOUS
alibabacloud	Trojan:Win/vbcode.B(dyn)

IRMA	Signature
Trend Micro SProtect (Linux)	WORM_VILSEL.SMB
Avast Core Security (Linux)	Win32:Vilsel-CT [Trj]
C4S ClamAV (Linux)	Win.Malware.Genpack-6989317-0
Trellix (Linux)	Generic VB.z trojan
Sophos Anti-Virus (Linux)	Troj/VB-LET
Bitdefender Antivirus (Linux)	Trojan.Generic.4385790
G Data Antivirus (Windows)	Virus: Trojan.Generic.4385790 (Engine A), Win32.Trojan.Vilsel.A (Engine B)
WithSecure (Linux)	Trojan.TR/ATRAPS.Gen2
ESET Security (Windows)	Win32/VB.OZA trojan
DrWeb Antivirus (Linux)	Trojan.Copyself.102
ClamAV (Linux)	Win.Malware.Genpack-6989317-0
eScan Antivirus (Linux)	Trojan.Generic.4385790(DB)
Kaspersky Standard (Windows)	Trojan.Win32.Vilsel.loy
Emsisoft Commandline Scanner (Windows)	Trojan.Generic.4385790 (B)

Browser recommendation

Static Analysis

PE Compile Time

PE Imphash

Sections

Resources

Imports

Browser recommendation

PE Compile Time

PE Imphash

Sections

Resources

Imports

Feedback