Malicious
Classifications
Spyware
Threat Names
AgentTesla.v3 Mal/Generic-S
Dynamic Analysis Report
Created on 2022-07-25T10:21:53+00:00
89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe
Windows Exe (x86-32)
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
Filters: |
There are no files for this filter
There are no files in this analysis
File Name | Category | Type | Verdict | Actions |
---|
C:\Users\kEecfMwgj\Desktop\89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe | Sample File | Binary |
Malicious
|
...
|
»
File Reputation Information
»
Verdict |
Malicious
|
Names | Mal/Generic-S |
PE Information
»
Image Base | 0x00400000 |
Entry Point | 0x004B990E |
Size Of Code | 0x000B7A00 |
Size Of Initialized Data | 0x00002600 |
File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Machine Type | IMAGE_FILE_MACHINE_I386 |
Compile Timestamp | 2102-01-19 03:38 (UTC+1) |
Version Information (11)
»
Comments | Card Puncher |
CompanyName | Landskip Yard Care |
FileDescription | Infusion |
FileVersion | 1.2.0.0 |
InternalName | ObjectN.exe |
LegalCopyright | Landskip Yard Care © 2021 |
LegalTrademarks | |
OriginalFilename | ObjectN.exe |
ProductName | Infusion |
ProductVersion | 1.2.0.0 |
Assembly Version | 1.2.0.0 |
Sections (3)
»
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x00402000 | 0x000B7914 | 0x000B7A00 | 0x00000200 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.56 |
.rsrc | 0x004BA000 | 0x000022BC | 0x00002400 | 0x000B7C00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 7.43 |
.reloc | 0x004BE000 | 0x0000000C | 0x00000200 | 0x000BA000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.1 |
Imports (1)
»
mscoree.dll (1)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
_CorExeMain | - | 0x00402000 | 0x000B98E8 | 0x000B7AE8 | 0x00000000 |
Memory Dumps (12)
»
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA | Actions |
---|---|---|---|---|---|---|---|---|---|
89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe | 1 | 0x002C0000 | 0x0037FFFF | Relevant Image | 32-bit | - |
...
|
||
buffer | 1 | 0x003F0000 | 0x00408FFF | Reflectively Loaded .NET Assembly | 32-bit | - |
...
|
||
buffer | 1 | 0x00600000 | 0x00602FFF | Reflectively Loaded .NET Assembly | 32-bit | - |
...
|
||
buffer | 1 | 0x05DD0000 | 0x05E3AFFF | Reflectively Loaded .NET Assembly | 32-bit | - |
...
|
||
89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe | 1 | 0x002C0000 | 0x0037FFFF | Final Dump | 32-bit | - |
...
|
||
buffer | 1 | 0x04B30000 | 0x04B66FFF | Reflectively Loaded .NET Assembly | 32-bit | - |
...
|
||
buffer | 5 | 0x00400000 | 0x00439FFF | Content Changed | 32-bit | - |
...
|
||
89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe | 5 | 0x002C0000 | 0x0037FFFF | Relevant Image | 32-bit | - |
...
|
||
89823f7c472a09c6062578082579da7f8cdb093c99de1a7c92aafa5d741c7316.exe | 1 | 0x002C0000 | 0x0037FFFF | Process Termination | 32-bit | - |
...
|
||
zwllfjvv.exe | 10 | 0x00920000 | 0x009DFFFF | Relevant Image | 32-bit | - |
...
|
||
buffer | 10 | 0x00760000 | 0x00778FFF | Reflectively Loaded .NET Assembly | 32-bit | - |
...
|
||
zwllfjvv.exe | 10 | 0x00920000 | 0x009DFFFF | Final Dump | 32-bit | - |
...
|
c:\users\keecfmwgj\appdata\local\gdipfontcachev1.dat | Dropped File | Stream |
Clean
|
...
|
»
c:\users\keecfmwgj\appdata\local\gdipfontcachev1.dat | Dropped File | Stream |
Clean
|
...
|
»
C:\Users\kEecfMwgj\AppData\Local\Temp\tmp9370.tmp | Dropped File | Text |
Clean
|
...
|
»
b5a21327195e386b76f3b3342150cd99ce579fa406e733e2a4952a61eabc5330 | Extracted File | Image |
Clean
|
...
|
»