Verdict: Malicious
Classifications: Spyware, Keylogger
Threat Names: Agent Tesla v3, Mal/Generic-S, Mal/HTMLGen-A

File Name: C:\Users\kEecfMwgj\Desktop\b0a10bd27d48fea4e569797829057892.virus.exe
Category: Sample File
Type: Binary
Verdict: malicious
MIME Type: application/vnd.microsoft.portable-executable
File Size: 861.50 KB
MD5: b0a10bd27d48fea4e569797829057892
SHA1: 5909c3383e27a1c5e7edcadd5319b31d2813df12
SHA256: 4e63cadd6aa91bc65755bd2b4035a3451cbc4854ed2817ac08941919f892f7e7
SSDeep: 12288:fycRcIcGRiuoBQnxcsDA7Mg+Svq4DPp9KDwu43oO3yYeQEi2RA/2xYBSzz2DNBcF:n2IFjF+3e+vms2bC/UP1QHeF+G
ImpHash: f34d5f2d4577ed6d9ceec516c1f5a744
File Reputation Information
Verdict: malicious
Names: Mal/Generic-S
PE Information
Image Base: 0x400000
Entry Point: 0x4bfade
Size Of Code: 0xbdc00
Size Of Initialized Data: 0x19800
File Type: FileType.executable
Subsystem: Subsystem.windows_gui
Machine Type: MachineType.i386
Compile Timestamp: 2021-09-27 02:04:15+00:00
Version Information (11)
Comments: -
CompanyName: F@Soft
FileDescription: Darwin AW
FileVersion: 1.0.6.0
InternalName: ContractArgumentValidatorAttribu.exe
LegalCopyright: Copyright © F@Soft
LegalTrademarks: -
OriginalFilename: ContractArgumentValidatorAttribu.exe
ProductName: Darwin AW
ProductVersion: 1.0.6.0
Assembly Version: 1.0.6.2
Sections (3)
Name   | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy
.text  | 0x402000 | 0xbdae4 | 0xbdc00 | 0x200   | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.08
.rsrc  | 0x4c0000 | 0x19484 | 0x19600 | 0xbde00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.3
.reloc | 0x4da000 | 0xc     | 0x200   | 0xd7400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.1
Imports (1)
mscoree.dll (1)
API Name    | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
_CorExeMain | -       | 0x402000    | 0xbfab4   | 0xbdcb4      | 0x0
Memory Dumps (3)
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | AV | YARA
b0a10bd27d48fea4e569797829057892.virus.exe | 1 | 0x00F60000 | 0x0103BFFF | Relevant Image | False | 32-bit | - | False | False
buffer | 2 | 0x00400000 | 0x0043BFFF | Content Changed | False | 32-bit | - | False | True
b0a10bd27d48fea4e569797829057892.virus.exe | 2 | 0x00F60000 | 0x0103BFFF | Relevant Image | False | 32-bit | - | False | False
File Name: c:\users\keecfmwgj\appdata\local\gdipfontcachev1.dat
Category: Dropped File
Type: Stream
Verdict: clean
MIME Type: application/octet-stream
File Size: 8.03 KB
MD5: 3b124f39977734e519b4d76da3fd1429
SHA1: 93258edf50199af514b466e27af94b44f9eee8a7
SHA256: 790a6af00576b6ee07663cf571a92e5b72379c9d24f3599af1fa9fec8aeb168a
SSDeep: 3:5tmlNlPlcy:5tm/
ImpHash: -
File Name: c:\users\keecfmwgj\appdata\local\gdipfontcachev1.dat
Category: Dropped File
Type: Stream
Verdict: clean
MIME Type: application/octet-stream
File Size: 108.45 KB
MD5: 19a547cdeba4f7199393addfd996b6d6
SHA1: 635f5bdcb1f5e719554cf80a04d2458067af4977
SHA256: 4d55a3a562da4193c4f052457deead562b2b4b326d9ed8a1ceb0b58e36c41687
SSDeep: 768:4U33iHuvsHgTllu5Do9Ox68tS3Sww+oOHaHBBpWkcJfiKREI0UaX5O4lXim:7muvsHgTllyosxGUOHackcJfiKRoBam
ImpHash: -
Function Logfile
Screenshot