AgentTesla.v3 | 5cc3602f4577

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\RDhJ0CNFevzX\Desktop\5cc3602f45772a86c0548e965ce7e57809e2e00ac5f5f100006da37bb79c77cb.exe

Sample File

Binary

MIME Type	application/vnd.microsoft.portable-executable
File Size	779.00 KB
MD5	ba7863b67930a109864139efe3da478e
SHA1	0a90df33ba078ba54576906d6072a11b8dca5356
SHA256	5cc3602f45772a86c0548e965ce7e57809e2e00ac5f5f100006da37bb79c77cb
SSDeep	12288:zbv7n02b2UVFdPBGjy1AuFWBVeS5f/QBK7CNhvk0R4pRmCDqHVVAx67WeyqLvLqh:3Gjy1AuBS5c+Y7ipRmb13W4LzEkM
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

File Reputation Information

Verdict	Malicious
Names	Mal/Generic-S

PE Information

Image Base	0x00400000
Entry Point	0x004C28DA
Size Of Code	0x000C0A00
Size Of Initialized Data	0x00002000
File Type	IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type	IMAGE_FILE_MACHINE_I386
Compile Timestamp	2022-07-26 19:55 (UTC+2)

Version Information (11)

Comments
CompanyName
FileDescription	LoLNotes
FileVersion	1.1
InternalName	TimerCallb.exe
LegalCopyright	Copyright © high828 2011
LegalTrademarks
OriginalFilename	TimerCallb.exe
ProductName	LoLNotes
ProductVersion	1.1
Assembly Version	1.1.0.0

Sections (3)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x00402000	0x000C0910	0x000C0A00	0x00000200	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	7.79
.rsrc	0x004C4000	0x00001CA4	0x00001E00	0x000C0C00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	6.82
.reloc	0x004C6000	0x0000000C	0x00000200	0x000C2A00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.1

Imports (1)

mscoree.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CorExeMain	-	0x00402000	0x000C28B0	0x000C0AB0	0x00000000

Memory Dumps (23)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
5cc3602f45772a86c0548e965ce7e57809e2e00ac5f5f100006da37bb79c77cb.exe	1	0x00400000	0x004C7FFF	Relevant Image	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x07D90000	0x07D9EFFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x07DA0000	0x07DA2FFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x02230000	0x022B3FFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x07DA0000	0x07DA2FFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00710000	0x00748FFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x00400000	0x00439FFF	Content Changed	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump
5cc3602f45772a86c0548e965ce7e57809e2e00ac5f5f100006da37bb79c77cb.exe	1	0x00400000	0x004C7FFF	Process Termination	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x0530E000	0x0530FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x0510F000	0x0510FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x04FAF000	0x04FAFFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x04F2E000	0x04F2FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x04DEE000	0x04DEFFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x0430E000	0x0430FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x00199000	0x0019FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x00400000	0x00439FFF	First Network Behavior	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump
buffer	2	0x00572C60	0x00572CDF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x0071DE70	0x0071DEEF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x0071E5E0	0x0071E65F	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x00400000	0x00439FFF	Final Dump	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump
buffer	2	0x00572C60	0x00572CDF	Final Dump	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x0071DE70	0x0071DEEF	Final Dump	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x0071E5E0	0x0071E65F	Final Dump	32-bit	-	... Actions Go to Process Download Dump

f67286259cf7d1c5b4f7a67a3ac6fa542d1989fc9a8ebf5ef4f208bdec8895fc

Extracted File

Image

Parent File	C:\Users\RDhJ0CNFevzX\Desktop\5cc3602f45772a86c0548e965ce7e57809e2e00ac5f5f100006da37bb79c77cb.exe
MIME Type	image/png
File Size	3.89 KB
MD5	ff1a15989ffe8295ca386fe555b4e397
SHA1	ca9ac0823bc5df05c40c482e2e75c063e5284082
SHA256	f67286259cf7d1c5b4f7a67a3ac6fa542d1989fc9a8ebf5ef4f208bdec8895fc
SSDeep	96:1SM6PrGmsNwXNQPdv2e02UpdB3AKzIzfWzF5HaUYDuWASF:1SM6PYNmSVv14tCfWzfHXYSK
ImpHash	-

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

Before

After

WHOIS Domain Information