Agent Tesla v3 | 8842d55ed240

Classifications

Spyware

Threat Names

Agent Tesla v3 Mal/Generic-S Gen:Heur.MSIL.Androm.1

Dynamic Analysis Report

Created on 2021-09-28T06:45:00

Revised Proforma Invoice_New order.exe

Windows Exe (x86-32)

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\kEecfMwgj\Desktop\Revised Proforma Invoice_New order.exe

Sample File

Binary

Also Known As	C:\Users\kEecfMwgj\AppData\Local\Temp\Revised Proforma Invoice_New order.exe (Dropped File)
MIME Type	application/vnd.microsoft.portable-executable
File Size	622.00 KB
MD5	3a391e960ff363979a5ac9dc3a95c636
SHA1	8930a2e630f133dfb78e87e06b4f9ecd882a84e1
SHA256	8842d55ed240f4ed04d12d227dfd1c65bc20b72bf79fc5e40daf61d9f3f86d47
SSDeep	12288:Wcdn9Pox2engU3L9iCXCQUy+NLBreWNAMg+MMMMMMMMMMMuMMMMMMMMMMMMMMMMR:WG+9cCStVreKg+MMMMMMMMMMMuMMMMMp
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

File Reputation Information

Verdict	malicious
Names	Mal/Generic-S

AV Matches (1)

Threat Name	Verdict
Gen:Heur.MSIL.Androm.1	malicious

PE Information

Image Base	0x400000
Entry Point	0x45f3ae
Size Of Code	0x5d400
Size Of Initialized Data	0x3e200
File Type	FileType.executable
Subsystem	Subsystem.windows_cui
Machine Type	MachineType.i386
Compile Timestamp	2076-01-29 00:16:57+00:00

Version Information (11)

Comments	PureCrypter
CompanyName	PureCoder
FileDescription	PureCrypter
FileVersion	2.0.7940.29218
InternalName	uuuuu.exe
LegalCopyright	Copyright © 2021
LegalTrademarks	-
OriginalFilename	uuuuu.exe
ProductName	PureCrypter
ProductVersion	2.0.7940.29218
Assembly Version	2.0.7940.29218

Sections (3)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x402000	0x5d3b4	0x5d400	0x200	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	5.87
.rsrc	0x460000	0x3dff4	0x3e000	0x5d600	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	5.72
.reloc	0x49e000	0xc	0x200	0x9b600	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.1

Imports (1)

mscoree.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CorExeMain	-	0x402000	0x5f384	0x5d584	0x0

Memory Dumps (1)

Name	Process ID	Start VA	End VA	Dump Reason	PE Rebuild	Bitness	Entry Point	AV	YARA	Actions
revised proforma invoice_new order.exe	1	0x00050000	0x000EFFFF	Relevant Image		32-bit	-			... Memory Dump Actions Go to Process Download Dump

WHOIS Domain Information

Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".

Before

After

Screenshot

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

WHOIS Domain Information

Before

After