Malicious
Classifications

Spyware Injector

Threat Names

AgentTesla.v3

Dynamic Analysis Report

Created on 2022-08-05T12:20:08+00:00

22083794e761ae3e2fb684244ddadba8353b0dc25549d9591dbbd118dde52054.exe

Windows Exe (x86-32)
File Name C:\Users\RDhJ0CNFevzX\Desktop\22083794e761ae3e2fb684244ddadba8353b0dc25549d9591dbbd118dde52054.exe
Category Sample File
Type Binary
Verdict Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 825.50 KB
MD5 9c8721d5f0dfcb5893766810fc016b1b
SHA1 097e2d6bd75f55fee4ba991696d15bbd0f73137f
SHA256 22083794e761ae3e2fb684244ddadba8353b0dc25549d9591dbbd118dde52054
SSDeep 12288:OxjlkBIh6kLw/997uWi+bLtVo80FuYAMrovCSePuv:AsiAJJb3o8zsIh
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744
File Reputation Information
Verdict
Malicious
PE Information
Image Base 0x00400000
Entry Point 0x004CFD3E
Size Of Code 0x000CDE00
Size Of Initialized Data 0x00000600
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2022-08-05 09:10 (UTC+2)
Version Information (11)
Comments
CompanyName Microsoft
FileDescription MTG Registry
FileVersion 1.0.0.0
InternalName rQooZu.exe
LegalCopyright Copyright © 2016
LegalTrademarks
OriginalFilename rQooZu.exe
ProductName MTG Registry
ProductVersion 1.0.0.0
Assembly Version 1.0.0.0
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00402000 0x000CDD44 0x000CDE00 0x00000200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.99
.rsrc 0x004D0000 0x00000390 0x00000400 0x000CE000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 2.89
.reloc 0x004D2000 0x0000000C 0x00000200 0x000CE400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.1
Imports (1)
mscoree.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain - 0x00402000 0x000CFD10 0x000CDF10 0x00000000
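The static summary above already carries the indicators an analyst would act on: a single import (mscoree.dll!_CorExeMain, the managed-code stub), a .text section at entropy 6.99, version info that names Microsoft as CompanyName while the internal and original filename is the random-looking rQooZu.exe, and a compile timestamp a few hours before the report was created. The script below is an added example, not VMRay code: it re-derives those indicators from the values printed on this page. The section bytes are constructed stand-ins (the sample's raw bytes are not on the page), and the entropy and build-age thresholds are assumptions. It also shows why the ImpHash listed above is not a useful pivot: the pefile algorithm hashes only "mscoree._corexemain" for a .NET executable, so every managed EXE shares that value.

```python
"""Re-derive the triage indicators from the PE summary above.

Added example, not VMRay's code. Metadata values are copied from the
report; section bytes are constructed stand-ins; thresholds are assumed.
"""
import hashlib
import math
from collections import Counter
from datetime import datetime, timedelta, timezone

# Metadata as printed in the report (imports, version info, timestamps).
REPORT = {
    "file_name": "22083794e761ae3e2fb684244ddadba8353b0dc25549d9591dbbd118dde52054.exe",
    "imports": [("mscoree.dll", "_CorExeMain")],
    "version_info": {
        "CompanyName": "Microsoft",
        "ProductName": "MTG Registry",
        "InternalName": "rQooZu.exe",
        "OriginalFilename": "rQooZu.exe",
    },
    # "2022-08-05 09:10 (UTC+2)" and the report's "Created on" timestamp.
    "compile_time": datetime(2022, 8, 5, 9, 10, tzinfo=timezone(timedelta(hours=2))),
    "first_seen": datetime(2022, 8, 5, 12, 20, 8, tzinfo=timezone.utc),
}

# Constructed section contents (not the sample's bytes): uniform bytes stand
# in for the high-entropy .text, sparse bytes for .rsrc and .reloc.
SECTIONS = {
    ".text": bytes(range(256)) * 4,
    ".rsrc": b"\x00" * 900 + bytes(range(100)),
    ".reloc": b"\x00" * 10 + b"\x10\x30",
}


def imphash(imports):
    """pefile-compatible import hash: lowercase "lib.func" pairs, with the
    .dll/.ocx/.sys extension stripped from the library, comma-joined, MD5."""
    parts = []
    for lib, func in imports:
        lib = lib.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        parts.append(f"{lib}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 (constant) to 8.0 (uniform), as in the Entropy column."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def hours_since_compile(meta) -> float:
    """Hours between the PE compile timestamp and the first sighting."""
    return (meta["first_seen"] - meta["compile_time"]).total_seconds() / 3600


def triage(meta, sections, entropy_threshold=6.8, max_age_hours=24.0):
    """Return the flags a practitioner would raise from this static summary.
    Thresholds are assumptions, not values from the report."""
    flags = []
    libs = {lib.lower() for lib, _ in meta["imports"]}
    if libs == {"mscoree.dll"}:
        # Every managed EXE imports only this stub, so its imphash is shared
        # by all .NET binaries and cannot identify a family.
        flags.append("dotnet-stub")
    for name, data in sections.items():
        if shannon_entropy(data) > entropy_threshold:
            flags.append(f"high-entropy:{name}")
    vi = meta["version_info"]
    if vi["OriginalFilename"] != meta["file_name"]:
        flags.append("originalfilename-mismatch")
    if vi["CompanyName"].startswith("Microsoft"):
        # A vendor claim in VersionInfo is free text; it needs an Authenticode
        # check before it is believed.
        flags.append("claims-microsoft")
    if 0 <= hours_since_compile(meta) < max_age_hours:
        flags.append("fresh-build")
    return flags


if __name__ == "__main__":
    print("imphash", imphash(REPORT["imports"]))
    for name, data in SECTIONS.items():
        print(f"{name:7s} entropy {shannon_entropy(data):.2f}")
    print("flags", triage(REPORT, SECTIONS))
```

Run against a real file, the same functions would take their input from a PE parser such as pefile; the point here is that "dotnet-stub" plus a high-entropy code section is the signature of a packed managed loader, which is consistent with the reflectively loaded .NET assemblies listed in the memory dumps that follow.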
Memory Dumps (39)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA
22083794e761ae3e2fb684244ddadba8353b0dc25549d9591dbbd118dde52054.exe 1 0x00400000 0x004D3FFF Relevant Image False 32-bit - False
buffer 1 0x075F0000 0x075F4FFF Reflectively Loaded .NET Assembly False 32-bit - False
buffer 1 0x07C50000 0x07CC8FFF Reflectively Loaded .NET Assembly False 32-bit - False
buffer 1 0x006D0000 0x00706FFF Reflectively Loaded .NET Assembly False 32-bit - False
buffer 1 0x07C50000 0x07CC8FFF Marked Executable False 32-bit - False
buffer 1 0x07C50000 0x07CC8FFF Marked Executable False 32-bit - False
buffer 1 0x07C50000 0x07CC8FFF Marked Executable False 32-bit - False
buffer 1 0x07C50000 0x07CC8FFF Marked Executable False 32-bit - False
buffer 1 0x07C50000 0x07CC8FFF Marked Executable False 32-bit - False
buffer 1 0x07C50000 0x07CC8FFF Marked Executable False 32-bit - False
buffer 1 0x07C50000 0x07CC8FFF Marked Executable False 32-bit - False
buffer 1 0x07C50000 0x07CC8FFF Marked Executable False 32-bit - False
buffer 1 0x07C50000 0x07CC8FFF Marked Executable False 32-bit - False
buffer 1 0x07C50000 0x07CC8FFF Marked Executable False 32-bit - False
buffer 1 0x07C50000 0x07CC8FFF Marked Executable False 32-bit - False
buffer 1 0x07C50000 0x07CC8FFF Marked Executable False 32-bit - False
buffer 1 0x07C50000 0x07CC8FFF Marked Executable False 32-bit - False
buffer 1 0x07C50000 0x07CC8FFF Marked Executable False 32-bit - False
buffer 1 0x07C50000 0x07CC8FFF Marked Executable False 32-bit - False
buffer 1 0x07C50000 0x07CC8FFF Marked Executable False 32-bit - False
buffer 1 0x07C50000 0x07CC8FFF Marked Executable False 32-bit - False
buffer 1 0x07C50000 0x07CC8FFF Marked Executable False 32-bit - False
buffer 1 0x07C50000 0x07CC8FFF Marked Executable False 32-bit - False
buffer 1 0x07C50000 0x07CC8FFF Marked Executable False 32-bit - False
buffer 1 0x07C50000 0x07CC8FFF Marked Executable False 32-bit - False
buffer 1 0x07C50000 0x07CC8FFF Marked Executable False 32-bit - False
buffer 1 0x07C50000 0x07CC8FFF Marked Executable False 32-bit - False
buffer 1 0x07C50000 0x07CC8FFF Marked Executable False 32-bit - False
buffer 1 0x07C50000 0x07CC8FFF Marked Executable False 32-bit - False
buffer 1 0x07C50000 0x07CC8FFF Marked Executable False 32-bit - False
buffer 1 0x07C50000 0x07CC8FFF Marked Executable False 32-bit - False
buffer 1 0x07C50000 0x07CC8FFF Marked Executable False 32-bit - False
buffer 1 0x07C50000 0x07CC8FFF Marked Executable False 32-bit - False
buffer 1 0x07C50000 0x07CC8FFF Marked Executable False 32-bit - False
buffer 1 0x07C50000 0x07CC8FFF Marked Executable False 32-bit - False
buffer 1 0x07C50000 0x07CC8FFF Marked Executable False 32-bit - False
buffer 1 0x07C50000 0x07CC8FFF Marked Executable False 32-bit - False
buffer 1 0x07C50000 0x07CC8FFF Marked Executable False 32-bit - False
22083794e761ae3e2fb684244ddadba8353b0dc25549d9591dbbd118dde52054.exe 1 0x00400000 0x004D3FFF Process Termination False 32-bit - False
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.