Malicious
Classifications
Spyware
Threat Names
AgentTesla.v3
Dynamic Analysis Report
Created on 2022-05-05T06:29:03+00:00
b7c3b077777303227947d62064fea23a1473f57c07575476e97c92a811b37c46.exe
Windows Exe (x86-32)
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
Filters: |
There are no files for this filter
There are no files in this analysis
File Name | Category | Type | Verdict | Actions |
---|
C:\Users\RDhJ0CNFevzX\Desktop\b7c3b077777303227947d62064fea23a1473f57c07575476e97c92a811b37c46.exe | Sample File | Binary |
Malicious
|
...
|
»
PE Information
»
Image Base | 0x00400000 |
Entry Point | 0x00496FA2 |
Size Of Code | 0x00095000 |
Size Of Initialized Data | 0x00001600 |
File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Machine Type | IMAGE_FILE_MACHINE_I386 |
Compile Timestamp | 2060-12-19 22:41 (UTC+1) |
Version Information (11)
»
Comments | |
CompanyName | HP Inc. |
FileDescription | Snake Game |
FileVersion | 1.0.0.0 |
InternalName | NonGenericToGenericEnumera.exe |
LegalCopyright | Copyright © HP Inc. 2020 |
LegalTrademarks | |
OriginalFilename | NonGenericToGenericEnumera.exe |
ProductName | Snake Game |
ProductVersion | 1.0.0.0 |
Assembly Version | 1.0.0.0 |
Sections (3)
»
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x00402000 | 0x00094FA8 | 0x00095000 | 0x00000200 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.83 |
.rsrc | 0x00498000 | 0x00001244 | 0x00001400 | 0x00095200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.83 |
.reloc | 0x0049A000 | 0x0000000C | 0x00000200 | 0x00096600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.1 |
Imports (1)
»
mscoree.dll (1)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
_CorExeMain | - | 0x00402000 | 0x00096F78 | 0x00095178 | 0x00000000 |
Memory Dumps (17)
»
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA | Actions |
---|---|---|---|---|---|---|---|---|---|
b7c3b077777303227947d62064fea23a1473f57c07575476e97c92a811b37c46.exe | 1 | 0x00400000 | 0x0049BFFF | Relevant Image | 32-bit | - |
...
|
||
buffer | 1 | 0x075B0000 | 0x075C1FFF | Reflectively Loaded .NET Assembly | 32-bit | - |
...
|
||
buffer | 1 | 0x07B90000 | 0x07C07FFF | Reflectively Loaded .NET Assembly | 32-bit | - |
...
|
||
buffer | 1 | 0x07C20000 | 0x07C56FFF | Reflectively Loaded .NET Assembly | 32-bit | - |
...
|
||
buffer | 2 | 0x00400000 | 0x00439FFF | Content Changed | 32-bit | - |
...
|
||
b7c3b077777303227947d62064fea23a1473f57c07575476e97c92a811b37c46.exe | 1 | 0x00400000 | 0x0049BFFF | Process Termination | 32-bit | - |
...
|
||
buffer | 2 | 0x0532E000 | 0x0532FFFF | First Network Behavior | 32-bit | - |
...
|
||
buffer | 2 | 0x0512F000 | 0x0512FFFF | First Network Behavior | 32-bit | - |
...
|
||
buffer | 2 | 0x04FCF000 | 0x04FCFFFF | First Network Behavior | 32-bit | - |
...
|
||
buffer | 2 | 0x04F4E000 | 0x04F4FFFF | First Network Behavior | 32-bit | - |
...
|
||
buffer | 2 | 0x04E0E000 | 0x04E0FFFF | First Network Behavior | 32-bit | - |
...
|
||
buffer | 2 | 0x0429E000 | 0x0429FFFF | First Network Behavior | 32-bit | - |
...
|
||
buffer | 2 | 0x00199000 | 0x0019FFFF | First Network Behavior | 32-bit | - |
...
|
||
buffer | 2 | 0x00400000 | 0x00439FFF | First Network Behavior | 32-bit | - |
...
|
||
buffer | 2 | 0x004D9D60 | 0x004D9DDF | First Network Behavior | 32-bit | - |
...
|
||
buffer | 2 | 0x004D9DE8 | 0x004D9E67 | First Network Behavior | 32-bit | - |
...
|
||
buffer | 2 | 0x007B30A0 | 0x007B311F | First Network Behavior | 32-bit | - |
...
|