Dynamic Analysis Report
Created on 2021-03-16T11:10:00
Sample | fcf182d0ea46a01f7c98913ca565dec004c635eda697ef4be7b7d93beb1945f9.exe |
File Type | Windows Exe (x86-32) |
Verdict | Malicious |
Classifications | Spyware, Injector |
Threat Names | Agent Tesla v3, Trojan.GenericKD.36177418 |
Remarks (2/2)
This list contains only the embedded files, downloaded files, and dropped files
File Name | Category | Type | Verdict |
---|---|---|---|
C:\Users\kEecfMwgj\Desktop\fcf182d0ea46a01f7c98913ca565dec004c635eda697ef4be7b7d93beb1945f9.exe | Sample File | Binary | malicious |
AV Matches (1)
Threat Name | Verdict |
---|---|
Trojan.GenericKD.36177418 | malicious |
PE Information
Image Base | 0x400000 |
Entry Point | 0x51780e |
Size Of Code | 0x115a00 |
Size Of Initialized Data | 0x2fc00 |
File Type | FileType.executable |
Subsystem | Subsystem.windows_gui |
Machine Type | MachineType.i386 |
Compile Timestamp | 2021-01-19 01:12:03+00:00 |
Version Information (11)
Comments | Principle Pleasure |
CompanyName | - |
FileDescription | Record Bgy System |
FileVersion | 7.20.17.0 |
InternalName | AlgorithmClass.exe |
LegalCopyright | Copyright © 2019 Principle Pleasure |
LegalTrademarks | - |
OriginalFilename | AlgorithmClass.exe |
ProductName | Record Bgy System |
ProductVersion | 7.20.17.0 |
Assembly Version | 7.20.17.0 |
Sections (3)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x402000 | 0x115814 | 0x115a00 | 0x200 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.28 |
.rsrc | 0x518000 | 0x2fa00 | 0x2fa00 | 0x115c00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.27 |
.reloc | 0x548000 | 0xc | 0x200 | 0x145600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.1 |
Imports (1)
mscoree.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
_CorExeMain | - | 0x402000 | 0x1177dc | 0x1159dc | 0x0 |
Memory Dumps (1)
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | AV | YARA |
---|---|---|---|---|---|---|---|---|---|
fcf182d0ea46a01f7c98913ca565dec004c635eda697ef4be7b7d93beb1945f9.exe | 1 | 0x012B0000 | 0x013F9FFF | Relevant Image | | 32-bit | - | | |
File Name | Category | Type | Verdict |
---|---|---|---|
C:\Users\kEecfMwgj\AppData\Roaming\CsGlckR\CsGlckR.exe | Dropped File | Binary | suspicious |
PE Information
Image Base | 0x400000 |
Entry Point | 0x408356 |
Size Of Code | 0x6400 |
Size Of Initialized Data | 0xc00 |
File Type | FileType.executable |
Subsystem | Subsystem.windows_cui |
Machine Type | MachineType.i386 |
Compile Timestamp | 2019-03-28 06:49:21+00:00 |
Version Information (10)
CompanyName | Microsoft Corporation |
FileDescription | Microsoft .NET Services Installation Utility |
FileVersion | 4.8.3761.0 built by: NET48REL1 |
InternalName | RegSvcs.exe |
LegalCopyright | © Microsoft Corporation. All rights reserved. |
OriginalFilename | RegSvcs.exe |
ProductName | Microsoft® .NET Framework |
ProductVersion | 4.8.3761.0 |
Comments | Flavor=Retail |
PrivateBuild | DDBLD438 |
Sections (3)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x402000 | 0x635c | 0x6400 | 0x200 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 5.1 |
.rsrc | 0x40a000 | 0x938 | 0xa00 | 0x6600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.36 |
.reloc | 0x40c000 | 0xc | 0x200 | 0x7000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.08 |
Imports (1)
mscoree.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
_CorExeMain | - | 0x402000 | 0x832c | 0x652c | 0x0 |
Digital Signature Information
Verification Status | Valid |
Certificate: Microsoft Corporation
Issued by | Microsoft Corporation |
Parent Certificate | Microsoft Code Signing PCA |
Country Name | US |
Valid From | 2018-07-12 22:11 (UTC+2) |
Valid Until | 2019-07-26 22:11 (UTC+2) |
Algorithm | sha1_rsa |
Serial Number | 33 00 00 01 B1 DD ED BA 54 E9 65 B8 5F 00 01 00 00 01 B1 |
Thumbprint | 9D C1 78 88 B5 CF AD 98 B3 CB 35 C1 99 4E 96 22 7F 06 16 75 |
Certificate: Microsoft Code Signing PCA
Issued by | Microsoft Code Signing PCA |
Country Name | US |
Valid From | 2010-09-01 00:19 (UTC+2) |
Valid Until | 2020-09-01 00:29 (UTC+2) |
Algorithm | sha1_rsa |
Serial Number | 61 33 26 1A 00 00 00 00 00 31 |
Thumbprint | 3C AF 9B A2 DB 55 70 CA F7 69 42 FF 99 10 1B 99 38 88 E2 57 |
File Name | Category | Type | Verdict |
---|---|---|---|
C:\Users\kEecfMwgj\AppData\Local\Temp\tmpC3E3.tmp | Dropped File | Text | clean |
File Name | Category | Type | Verdict |
---|---|---|---|
c:\users\keecfmwgj\appdata\local\temp\cab225e.tmp | Downloaded File | CAB | clean |
Archive Information
Number of Files | 1 |
Number of Folders | 0 |
Size of Packed Archive Contents | 149.21 KB |
Size of Unpacked Archive Contents | 149.21 KB |
File Format | cab |
Contents (1)
File Name | Packed Size | Unpacked Size | Compression | Is Encrypted | Modify Time | Severity | Recursively Submitted |
---|---|---|---|---|---|---|---|
authroot.stl | 149.21 KB | 149.21 KB | MSZip | | 2021-03-02 23:31 (UTC+1) | Clean | - |