File Name C:\Users\RDhJ0CNFevzX\Desktop\6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe
Category Sample File
Type Binary
Verdict Malicious
Also Known As C:\Users\RDhJ0CNFevzX\AppData\Roaming\ObhZOLODRqR.exe (Accessed File)
MIME Type application/vnd.microsoft.portable-executable
File Size 782.50 KB
MD5 75c66bdbd22e4745cf2554712c31bb9e
SHA1 165a1b9ce59f2d07bb8ae4ee81200345709007b0
SHA256 6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29
SSDeep 12288:Ni78QCM0vT5XX2sIhKbZK6ZshN2gUDe8jTFa9Md8ClaO2tRaYnrdv7ByMg6SKlpx:jTtT5bIh6sOiMjlmLaYnrZ7BvLlpx
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744
File Reputation Information
Verdict Malicious
Names Mal/Generic-S
PE Information
Image Base 0x00400000
Entry Point 0x004C4DF2
Size Of Code 0x000C3000
Size Of Initialized Data 0x00000800
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2092-12-16 18:42 (UTC+1)
Version Information (11)
Comments
CompanyName
FileDescription Lib Mang Sys
FileVersion 1.0.0.0
InternalName DebuggerDisplayAttrib.exe
LegalCopyright Copyright © 2020
LegalTrademarks
OriginalFilename DebuggerDisplayAttrib.exe
ProductName Lib Mang Sys
ProductVersion 1.0.0.0
Assembly Version 1.0.0.0
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00402000 0x000C2E10 0x000C3000 0x00000200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.54
.rsrc 0x004C6000 0x000005EC 0x00000600 0x000C3200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.19
.reloc 0x004C8000 0x0000000C 0x00000200 0x000C3800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.1
Imports (1)
mscoree.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain - 0x00402000 0x000C4DC8 0x000C2FC8 0x00000000
Memory Dumps (8)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA
6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe 1 0x00400000 0x004C9FFF Relevant Image False 32-bit - False
buffer 1 0x02250000 0x0225FFFF Reflectively Loaded .NET Assembly False 32-bit - False
buffer 1 0x047D0000 0x047D2FFF Reflectively Loaded .NET Assembly False 32-bit - False
buffer 1 0x00930000 0x009B2FFF Reflectively Loaded .NET Assembly False 32-bit - False
6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe 1 0x00400000 0x004C9FFF Final Dump False 32-bit - False
buffer 1 0x079F0000 0x07A28FFF Reflectively Loaded .NET Assembly False 32-bit - False
buffer 7 0x00400000 0x00439FFF Content Changed False 32-bit - False
6b0b7f653e4aa7ad98b6417cf50934cc6825ccffdcb750baa321536cd8816e29.exe 1 0x00400000 0x004C9FFF Process Termination False 32-bit - False
File Name C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\tmpA6AC.tmp
Category Dropped File
Type Text
Verdict Clean
MIME Type text/xml
File Size 1.56 KB
MD5 9600eb0e19dc171ba82446360c7ee139
SHA1 4d2a10a93fb6b45070b656fa8de6235f1533a2ca
SHA256 259dab5b5709716249ae4a0265b01acf5eb9756f1f2f37964b217edbc5ac9dc7
SSDeep 24:2di4+S2qh9Y1Sy1mlUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtrxvn:cge2UYrFdOFzOzN33ODOiDdKrsuTVv
ImpHash -