AgentTesla.v3 | 31941c96fa47

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\RDhJ0CNFevzX\Desktop\31941c96fa470de35d08fd8bdc215c2ff2cbeb82dd72e91aafa563c08af7c969.exe

Sample File

Binary

MIME Type	application/vnd.microsoft.portable-executable
File Size	673.50 KB
MD5	5d5f37a7cf3a9ff4277b3a9dc2c4b9d2
SHA1	1a115c8a1761ef2a2cf61d854d1d2c201c902d53
SHA256	31941c96fa470de35d08fd8bdc215c2ff2cbeb82dd72e91aafa563c08af7c969
SSDeep	12288:22L2IOI6QPAc9lIZx2tDPG2xMN1HHG05LZ524R8douFvjkntY9DTVYCsK5iZ1:22j6gz92AtDPGaMnnRBZ7+1F70481Z
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

PE Information

Image Base	0x00400000
Entry Point	0x004A5D3A
Size Of Code	0x000A3E00
Size Of Initialized Data	0x00004600
File Type	IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type	IMAGE_FILE_MACHINE_I386
Compile Timestamp	2079-12-18 17:53 (UTC+1)

Version Information (11)

Comments
CompanyName	sandboxie-plus.com
FileDescription	Sandboxie Installer
FileVersion	1.0.0.0
InternalName	Generic.exe
LegalCopyright	Copyright © 2020-2021 by David Xanatos (xanasoft.com)
LegalTrademarks
OriginalFilename	Generic.exe
ProductName	Sandboxie
ProductVersion	1.0.0.0
Assembly Version	1.0.0.0

Sections (3)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x00402000	0x000A3D40	0x000A3E00	0x00000200	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	7.98
.rsrc	0x004A6000	0x0000420E	0x00004400	0x000A4000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	5.03
.reloc	0x004AC000	0x0000000C	0x00000200	0x000A8400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.1

Imports (1)

mscoree.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CorExeMain	-	0x00402000	0x000A5D10	0x000A3F10	0x00000000

Memory Dumps (5)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
31941c96fa470de35d08fd8bdc215c2ff2cbeb82dd72e91aafa563c08af7c969.exe	1	0x00400000	0x004ADFFF	Relevant Image	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x04890000	0x048A1FFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x07B70000	0x07C04FFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x07C50000	0x07CB2FFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
31941c96fa470de35d08fd8bdc215c2ff2cbeb82dd72e91aafa563c08af7c969.exe	1	0x00400000	0x004ADFFF	Process Termination	32-bit	-	... Actions Go to Process Download Dump

C:\Users\RDhJ0CNFevzX\AppData\Roaming\ykVBUY\ykVBUY.exe

Dropped File

Binary

MIME Type	application/vnd.microsoft.portable-executable
File Size	254.30 KB
MD5	de73d97007c8a8dd7ed37e4b8292b7fa
SHA1	64a1d22c1cf37baa9c2c0a75ceea789da5639848
SHA256	2c75ad03937eee1046942d48b0fdc366e908dc00a5defc8f3b9513c7821a78b8
SSDeep	3072:DHRWZulHeqY96xuzvqNLpj/LGIw2XpFU4rwOeSgbZzX8f02RFijxHujLnECMqN:jYZiHHY9Jv4puIRXfMu02bi9O3IqN
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

File Reputation Information

Verdict

Clean

PE Information

Image Base	0x00400000
Entry Point	0x00439422
Size Of Code	0x00037600
Size Of Initialized Data	0x00004200
File Type	IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type	IMAGE_FILE_MACHINE_I386
Compile Timestamp	2015-10-08 03:13 (UTC+2)

Version Information (10)

CompanyName	Microsoft Corporation
FileDescription	MSBuild.exe
FileVersion	4.6.1038.0 built by: NETFXREL2
InternalName	MSBuild.exe
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	MSBuild.exe
ProductName	Microsoft® .NET Framework
ProductVersion	4.6.1038.0
Comments	Flavor=Retail
PrivateBuild	DDBLD597

Sections (3)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x00402000	0x00037440	0x00037600	0x00000200	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	5.97
.rsrc	0x0043A000	0x00003EF4	0x00004000	0x00037800	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	6.27
.reloc	0x0043E000	0x0000000C	0x00000200	0x0003B800	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.1

Imports (1)

mscoree.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CorExeMain	-	0x00402000	0x000393F5	0x000375F5	0x00000000

Digital Signature Information

Verification Status

Valid

Certificate: Microsoft Corporation

Issued by	Microsoft Corporation
Parent Certificate	Microsoft Code Signing PCA
Country Name	US
Valid From	2015-06-04 19:42 (UTC+2)
Valid Until	2016-09-04 19:42 (UTC+2)
Algorithm	sha1_rsa
Serial Number	33 00 00 01 0A 2C 79 AE D7 79 7B A6 AC 00 01 00 00 01 0A
Thumbprint	3B DA 32 3E 55 2D B1 FD E5 F4 FB EE 75 D6 D5 B2 B1 87 EE DC

Certificate: Microsoft Code Signing PCA

Issued by	Microsoft Code Signing PCA
Country Name	US
Valid From	2010-09-01 00:19 (UTC+2)
Valid Until	2020-09-01 00:29 (UTC+2)
Algorithm	sha1_rsa
Serial Number	61 33 26 1A 00 00 00 00 00 31
Thumbprint	3C AF 9B A2 DB 55 70 CA F7 69 42 FF 99 10 1B 99 38 88 E2 57

C:\Windows\system32\drivers\etc\hosts

Modified File

Text

MIME Type	text/plain
File Size	835 Bytes
MD5	6eb47c1cf858e25486e42440074917f2
SHA1	6a63f93a95e1ae831c393a97158c526a4fa0faae
SHA256	9b13a3ea948a1071a81787aac1930b89e30df22ce13f8ff751f31b5d83e79ffb
SSDeep	24:QWDZh+ragzMZfuMMs1L/JU5fFCkK8T1rTt8:vDZhyoZWM9rU5fFcP
ImpHash	-

Remarks (1/1)

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

Before

After

WHOIS Domain Information