Verdict: Malicious
Classifications: Spyware
Threat Names: Agent Tesla v3 C2/Generic-A, Gen:Variant.Bulz.766082

Dynamic Analysis Report

Created on 2021-09-27T14:15:00

85627117b351e81655bb56b947b61a198d195a225db0e002ef476460b9f273ac.exe

Windows Exe (x86-32)
Files

File Name | Category | Type | Verdict
C:\Users\kEecfMwgj\Desktop\85627117b351e81655bb56b947b61a198d195a225db0e002ef476460b9f273ac.exe | Sample File | Binary | malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 862.00 KB
MD5 22a2657bb48e3303f6f0a0fd1fdfe441
SHA1 d6a230a732f3d691a7fce60081f30627ffabd33d
SHA256 85627117b351e81655bb56b947b61a198d195a225db0e002ef476460b9f273ac
SSDeep 12288:X52s002Ce2nsnG3/TEbszQ4yejeIxJjtaTXOYVgqrmYBF0yI9STO3AbX8bwtxTse:zTIFMF+wGyVDidkAFjHoSa8F+2
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744
AV Matches (1)

Threat Name | Verdict
Gen:Variant.Bulz.766082 | malicious
PE Information

Image Base 0x400000
Entry Point 0x4bfcf2
Size Of Code 0xbde00
Size Of Initialized Data 0x19800
File Type executable
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2021-09-27 01:16:22+00:00
Version Information (11)
Comments -
CompanyName F@Soft
FileDescription Darwin AW
FileVersion 1.0.6.0
InternalName WindowsIdenti.exe
LegalCopyright Copyright © F@Soft
LegalTrademarks -
OriginalFilename WindowsIdenti.exe
ProductName Darwin AW
ProductVersion 1.0.6.0
Assembly Version 1.0.6.2
Sections (3)

Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy
.text | 0x402000 | 0xbdcf8 | 0xbde00 | 0x200 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.08
.rsrc | 0x4c0000 | 0x19434 | 0x19600 | 0xbe000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.3
.reloc | 0x4da000 | 0xc | 0x200 | 0xd7600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.1

Note: an entropy of 7.08 bits per byte over a 0xbde00-byte .text section is well above what plain compiled code normally shows and is consistent with a packed or encrypted payload that is unpacked at runtime; the "Content Changed" memory dump at 0x00400000 in the Memory Dumps table below is where that unpacked content would be found.
Imports (1)

mscoree.dll (1)

API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
_CorExeMain | - | 0x402000 | 0xbfcc8 | 0xbdec8 | 0x0

Note: a single native import, _CorExeMain from mscoree.dll, is the standard import stub of a managed (.NET) executable; the Assembly Version field in the version information above is consistent with this. The program logic therefore lives in MSIL metadata rather than in the native import table, so native-API-based indicators will not appear here.
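The two checks made in the notes above (per-section entropy from the section table, and whether the image is a .NET assembly) can be reproduced on any PE without a sandbox. The following is an added example written for this page, not VMRay's code and not derived from the sample; it parses the PE32/PE32+ headers with the standard library only, computes Shannon entropy per section, and tests the CLR runtime header data directory (index 14), which a managed executable always populates. The 7.0 bits-per-byte threshold and the `build_constructed_pe` fixture (a minimal synthetic PE image, not a real program) are assumptions made for the example.

```python
import math
import struct
from collections import Counter
from typing import Dict, List, Tuple

# IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
# PointerToRelocations, PointerToLinenumbers, NumberOfRelocations, NumberOfLinenumbers, Characteristics
SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
CLR_DIRECTORY_INDEX = 14      # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR (CLR runtime header)
ENTROPY_SUSPECT = 7.0         # bits per byte; assumed triage threshold, not a VMRay setting


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input, 8.0 maximum)."""
    if not data:
        return 0.0
    n = len(data)
    h = -sum((c / n) * math.log2(c / n) for c in Counter(data).values())
    return max(0.0, h)        # avoid returning -0.0 for single-valued data


def _headers(pe: bytes) -> Tuple[int, int, int]:
    """Validate MZ/PE signatures; return (optional header offset, section count, optional header size)."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER (20 bytes) follows the 4-byte signature.
    _machine, nsections, _ts, _symtab, _nsyms, opt_size, _chars = struct.unpack_from("<HHIIIHH", pe, e_lfanew + 4)
    return e_lfanew + 24, nsections, opt_size


def parse_sections(pe: bytes) -> List[Dict]:
    """Walk the section table and compute the entropy of each section's raw (on-disk) data."""
    opt_off, nsections, opt_size = _headers(pe)
    table = opt_off + opt_size
    sections = []
    for i in range(nsections):
        name, vsize, va, raw_size, raw_ptr, _pr, _pl, _nr, _nl, chars = SECTION_HEADER.unpack_from(
            pe, table + i * SECTION_HEADER.size)
        raw = pe[raw_ptr:raw_ptr + raw_size]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": va, "virtual_size": vsize,
            "raw_size": raw_size, "raw_offset": raw_ptr,
            "executable": bool(chars & (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE)),
            "entropy": round(shannon_entropy(raw), 2),
        })
    return sections


def is_dotnet(pe: bytes) -> bool:
    """True when the CLR runtime header data directory has a non-zero RVA and size."""
    opt_off, _, _ = _headers(pe)
    (magic,) = struct.unpack_from("<H", pe, opt_off)
    if magic == 0x10B:          # PE32: NumberOfRvaAndSizes at +92, directories at +96
        count_off, dirs_off = 92, 96
    elif magic == 0x20B:        # PE32+: 8-byte ImageBase/stack/heap fields shift them by 16
        count_off, dirs_off = 108, 112
    else:
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    (ndirs,) = struct.unpack_from("<I", pe, opt_off + count_off)
    if ndirs <= CLR_DIRECTORY_INDEX:
        return False
    rva, size = struct.unpack_from("<II", pe, opt_off + dirs_off + CLR_DIRECTORY_INDEX * 8)
    return rva != 0 and size != 0


def triage(pe: bytes) -> Dict:
    """Summarise the two indicators: managed or native, and executable sections with packed-looking entropy."""
    sections = parse_sections(pe)
    flagged = [s["name"] for s in sections if s["executable"] and s["entropy"] >= ENTROPY_SUSPECT]
    return {"dotnet": is_dotnet(pe), "sections": sections, "high_entropy_code": flagged}


def build_constructed_pe(text_bytes: bytes, dotnet: bool) -> bytes:
    """Constructed PE32 fixture (not a real program): one .text section, optional CLR directory."""
    opt_size, headers_size = 224, 0x200          # PE32 optional header with all 16 data directories
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)              # e_lfanew = 0x40
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x0102)   # i386, one section
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                            # PE32 magic
    struct.pack_into("<I", opt, 28, 0x400000)                        # ImageBase
    struct.pack_into("<I", opt, 92, 16)                              # NumberOfRvaAndSizes
    if dotnet:
        struct.pack_into("<II", opt, 96 + CLR_DIRECTORY_INDEX * 8, 0x2008, 72)  # CLR header RVA, size
    section = SECTION_HEADER.pack(b".text", len(text_bytes), 0x2000, len(text_bytes), headers_size,
                                  0, 0, 0, 0, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)
    headers = dos + b"PE\0\0" + file_hdr + bytes(opt) + section
    return headers.ljust(headers_size, b"\0") + text_bytes


if __name__ == "__main__":
    # Constructed payloads: a maximally random-looking code section versus a flat NOP sled.
    packed_like = build_constructed_pe(bytes(range(256)) * 4, dotnet=True)
    plain = build_constructed_pe(b"\x90" * 1024, dotnet=False)
    for label, image in (("packed-like .NET", packed_like), ("plain native", plain)):
        r = triage(image)
        print(f"{label}: dotnet={r['dotnet']} flagged={r['high_entropy_code']}")
        for s in r["sections"]:
            print(f"  {s['name']:<8} va=0x{s['virtual_address']:x} raw={s['raw_size']} entropy={s['entropy']}")
```

To run it against a real file, call `triage(open(path, "rb").read())`. Entropy is computed over the raw section data on disk, which is what the table above reports; a section whose raw size is much smaller than its virtual size (typical of unpacker stubs) will show low entropy on disk and must be judged from a memory dump instead.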
Memory Dumps (3)

Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | AV | YARA
85627117b351e81655bb56b947b61a198d195a225db0e002ef476460b9f273ac.exe | 1 | 0x00120000 | 0x001FBFFF | Relevant Image | False | 32-bit | - | False | False
buffer | 7 | 0x00400000 | 0x0043BFFF | Content Changed | False | 32-bit | - | False | True
85627117b351e81655bb56b947b61a198d195a225db0e002ef476460b9f273ac.exe | 7 | 0x00120000 | 0x001FBFFF | Relevant Image | False | 32-bit | - | False | False
C:\Windows\system32\drivers\etc\hosts | Modified File | Text | clean

MIME Type text/plain
File Size 835 Bytes
MD5 6eb47c1cf858e25486e42440074917f2
SHA1 6a63f93a95e1ae831c393a97158c526a4fa0faae
SHA256 9b13a3ea948a1071a81787aac1930b89e30df22ce13f8ff751f31b5d83e79ffb
SSDeep 24:QWDZh+ragzMZfuMMs1L/JU5fFCkK8T1rTt8:vDZhyoZWM9rU5fFcP
ImpHash -
c:\users\keecfmwgj\appdata\local\gdipfontcachev1.dat | Dropped File | Stream | clean

MIME Type application/octet-stream
File Size 8.03 KB
MD5 3b124f39977734e519b4d76da3fd1429
SHA1 93258edf50199af514b466e27af94b44f9eee8a7
SHA256 790a6af00576b6ee07663cf571a92e5b72379c9d24f3599af1fa9fec8aeb168a
SSDeep 3:5tmlNlPlcy:5tm/
ImpHash -
c:\users\keecfmwgj\appdata\local\gdipfontcachev1.dat | Dropped File | Stream | clean

MIME Type application/octet-stream
File Size 108.45 KB
MD5 b4b887b290cc554b2ceb8d8a5d58e780
SHA1 ced9d85c5029c994e6d4274e9d865ecc89549f4d
SHA256 3834c58cec46747331b7e675f28dc2d7498faade8ca3c52b8993203165fcb14e
SSDeep 768:nU33iHuvsHgTllu5Xo9Rx68tS+Sww+oOAPHBBpWkjJNiKiEI0UaXgP4lXia:ImuvsHgTllOo/xGrOAPckjJNiKioILa
ImpHash -