AgentTesla.v3 | c36ec3f847b8

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\RDhJ0CNFevzX\AppData\Roaming\HSpMzoJ\HSpMzoJ.exe

Sample File

Binary

Also Known As	C:\Users\RDhJ0CNFevzX\Desktop\c36ec3f847b81b6e59ee1e6d17544ee886a3a85105d1aa06646df073f8590838.exe (VM File, Sample File, Accessed File)
MIME Type	application/vnd.microsoft.portable-executable
File Size	610.00 KB
MD5	5bbcc9d01bd32453756a8e65edd2723a
SHA1	48a5b77ef099971fb4d7e9fbd47cc20d910767e6
SHA256	c36ec3f847b81b6e59ee1e6d17544ee886a3a85105d1aa06646df073f8590838
SSDeep	12288:4k+Ef3acL8IztuR0b1Ivtj/9m2L2I26JEScveXyrbREL8AMOwvPI4IsHhIDL:zR128T2XyrbRET4I4lHWL
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

PE Information

Image Base	0x00400000
Entry Point	0x0049E00A
Size Of Code	0x0008C000
Size Of Initialized Data	0x0000C400
File Type	IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type	IMAGE_FILE_MACHINE_I386
Compile Timestamp	2103-10-05 23:31 (UTC+2)

Version Information (11)

Comments
CompanyName	sandboxie-plus.com
FileDescription	Sandboxie Installer
FileVersion	1.0.0.0
InternalName	LoaderOptimizat.exe
LegalCopyright	Copyright © 2020-2021 by David Xanatos (xanasoft.com)
LegalTrademarks
OriginalFilename	LoaderOptimizat.exe
ProductName	Sandboxie
ProductVersion	1.0.0.0
Assembly Version	1.0.0.0

Sections (5)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
>Uuj	0x00402000	0x0000BB14	0x0000BC00	0x00000400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	8.0
.text	0x0040E000	0x0008BDD0	0x0008BE00	0x0000C000	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	7.92
.rsrc	0x0049A000	0x00000410	0x00000600	0x00097E00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	2.39
.reloc	0x0049C000	0x0000000C	0x00000200	0x00098400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.1
	0x0049E000	0x00000010	0x00000200	0x00098600	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	0.12

Imports (1)

mscoree.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CorExeMain	-	0x0049E000	0x0000E920	0x0000C920	0x00000000

Memory Dumps (23)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
c36ec3f847b81b6e59ee1e6d17544ee886a3a85105d1aa06646df073f8590838.exe	1	0x00400000	0x0049FFFF	Relevant Image	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00620000	0x006B8FFF	First Execution	32-bit	0x006B0051	... Actions Go to Process Download Dump
buffer	1	0x06C40000	0x06C51FFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x02020000	0x02096FFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x09F10000	0x09F46FFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x00400000	0x00439FFF	Content Changed	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump
c36ec3f847b81b6e59ee1e6d17544ee886a3a85105d1aa06646df073f8590838.exe	1	0x00400000	0x0049FFFF	Process Termination	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x00400000	0x00439FFF	Final Dump	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump
buffer	2	0x005B8608	0x005B8687	Final Dump	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x005B9130	0x005B91AF	Final Dump	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x007F6580	0x007F65FF	Final Dump	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x0544E000	0x0544FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x0520F000	0x0520FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x050CF000	0x050CFFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x04F4E000	0x04F4FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x04E0E000	0x04E0FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x0427E000	0x0427FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x00199000	0x0019FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x00400000	0x00439FFF	First Network Behavior	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump
buffer	2	0x005B8608	0x005B8687	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x005B9130	0x005B91AF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x006D0000	0x00768FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	2	0x007F6580	0x007F65FF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump

Remarks (1/1)

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

Before

After

WHOIS Domain Information