Malicious
Classifications
Spyware
Threat Names
Agent Tesla v3 C2/Generic-A Gen:Variant.Bulz.766082
Dynamic Analysis Report
Created on 2021-09-27T14:15:00
85627117b351e81655bb56b947b61a198d195a225db0e002ef476460b9f273ac.exe
Windows Exe (x86-32)
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
Filters: |
There are no files for this filter
There are no files in this analysis
File Name | Category | Type | Verdict | Actions |
---|
C:\Users\kEecfMwgj\Desktop\85627117b351e81655bb56b947b61a198d195a225db0e002ef476460b9f273ac.exe | Sample File | Binary |
malicious
|
...
|
»
AV Matches (1)
»
Threat Name | Verdict |
---|---|
Gen:Variant.Bulz.766082 |
malicious
|
PE Information
»
Image Base | 0x400000 |
Entry Point | 0x4bfcf2 |
Size Of Code | 0xbde00 |
Size Of Initialized Data | 0x19800 |
File Type | FileType.executable |
Subsystem | Subsystem.windows_gui |
Machine Type | MachineType.i386 |
Compile Timestamp | 2021-09-27 01:16:22+00:00 |
Version Information (11)
»
Comments | - |
CompanyName | F@Soft |
FileDescription | Darwin AW |
FileVersion | 1.0.6.0 |
InternalName | WindowsIdenti.exe |
LegalCopyright | Copyright © F@Soft |
LegalTrademarks | - |
OriginalFilename | WindowsIdenti.exe |
ProductName | Darwin AW |
ProductVersion | 1.0.6.0 |
Assembly Version | 1.0.6.2 |
Sections (3)
»
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x402000 | 0xbdcf8 | 0xbde00 | 0x200 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.08 |
.rsrc | 0x4c0000 | 0x19434 | 0x19600 | 0xbe000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.3 |
.reloc | 0x4da000 | 0xc | 0x200 | 0xd7600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.1 |
Imports (1)
»
mscoree.dll (1)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
_CorExeMain | - | 0x402000 | 0xbfcc8 | 0xbdec8 | 0x0 |
Memory Dumps (3)
»
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | AV | YARA | Actions |
---|---|---|---|---|---|---|---|---|---|---|
85627117b351e81655bb56b947b61a198d195a225db0e002ef476460b9f273ac.exe | 1 | 0x00120000 | 0x001FBFFF | Relevant Image | 32-bit | - |
...
|
|||
buffer | 7 | 0x00400000 | 0x0043BFFF | Content Changed | 32-bit | - |
...
|
|||
85627117b351e81655bb56b947b61a198d195a225db0e002ef476460b9f273ac.exe | 7 | 0x00120000 | 0x001FBFFF | Relevant Image | 32-bit | - |
...
|
C:\Windows\system32\drivers\etc\hosts | Modified File | Text |
clean
|
...
|
»
c:\users\keecfmwgj\appdata\local\gdipfontcachev1.dat | Dropped File | Stream |
clean
|
...
|
»
c:\users\keecfmwgj\appdata\local\gdipfontcachev1.dat | Dropped File | Stream |
clean
|
...
|
»