AgentTesla.v3 | 372f3ede21d2

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\RDhJ0CNFevzX\Desktop\372f3ede21d2dc6c7f2ef29b36a29f8473ddb9d069c5a29cab5d26f9b6f3ecda.exe

Sample File

Binary

MIME Type	application/vnd.microsoft.portable-executable
File Size	611.50 KB
MD5	186652d7ffc900eb5bf55e72c7ff07d8
SHA1	a298ae3f26515bf2795dff5e415f01184e00fee0
SHA256	372f3ede21d2dc6c7f2ef29b36a29f8473ddb9d069c5a29cab5d26f9b6f3ecda
SSDeep	12288:kSatuEQ+PG9gTs8J48y12L2I23fh3jCjsu68jpCr6p9qgBX3:kSa82wfVOsuRjMrIq6X3
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

PE Information

Image Base	0x00400000
Entry Point	0x004A000A
Size Of Code	0x0008C400
Size Of Initialized Data	0x0000C600
File Type	IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type	IMAGE_FILE_MACHINE_I386
Compile Timestamp	2072-04-06 07:32 (UTC+2)

Version Information (11)

Comments
CompanyName	sandboxie-plus.com
FileDescription	Sandboxie Installer
FileVersion	1.0.0.0
InternalName	AssemblyDescriptionAttrib.exe
LegalCopyright	Copyright © 2020-2021 by David Xanatos (xanasoft.com)
LegalTrademarks
OriginalFilename	AssemblyDescriptionAttrib.exe
ProductName	Sandboxie
ProductVersion	1.0.0.0
Assembly Version	1.0.0.0

Sections (5)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
M 'M)[6	0x00402000	0x0000BCA0	0x0000BE00	0x00000400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	8.0
.text	0x0040E000	0x0008C1A8	0x0008C200	0x0000C200	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	7.92
.rsrc	0x0049C000	0x00000438	0x00000600	0x00098400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	2.47
.reloc	0x0049E000	0x0000000C	0x00000200	0x00098A00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.08
	0x004A0000	0x00000010	0x00000200	0x00098C00	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	0.1

Imports (1)

mscoree.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CorExeMain	-	0x004A0000	0x0000E8C0	0x0000CAC0	0x00000000

Memory Dumps (24)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
372f3ede21d2dc6c7f2ef29b36a29f8473ddb9d069c5a29cab5d26f9b6f3ecda.exe	1	0x00400000	0x004A1FFF	Relevant Image	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x06B60000	0x06B71FFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x04200000	0x04276FFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x09F00000	0x09F36FFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x00400000	0x00439FFF	Content Changed	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump
372f3ede21d2dc6c7f2ef29b36a29f8473ddb9d069c5a29cab5d26f9b6f3ecda.exe	1	0x00400000	0x004A1FFF	Process Termination	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x00440000	0x004D8FFF	First Execution	32-bit	0x004934C4	... Actions Go to Process Download Dump
buffer	2	0x0541E000	0x0541FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x0522F000	0x0522FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x050EF000	0x050EFFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x04F6E000	0x04F6FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x04E2E000	0x04E2FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x043EE000	0x043EFFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x00199000	0x0019FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x00400000	0x00439FFF	First Network Behavior	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump
buffer	2	0x00440000	0x004D8FFF	First Network Behavior	32-bit	0x004AE3DC	... Actions Go to Process Download Dump
buffer	2	0x0061EC88	0x0061ED07	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x0061ED98	0x0061EE17	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x00AA62D8	0x00AA6357	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x00400000	0x00439FFF	Final Dump	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump
buffer	2	0x00440000	0x004D8FFF	Final Dump	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x0061EC88	0x0061ED07	Final Dump	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x0061ED98	0x0061EE17	Final Dump	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x00AA62D8	0x00AA6357	Final Dump	32-bit	-	... Actions Go to Process Download Dump

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

Before

After

WHOIS Domain Information