Try VMRay Platform
Malicious
Classifications

Spyware

Threat Names

AgentTesla AgentTesla.v3

Dynamic Analysis Report

Created on 2022-04-07T16:10:00

d73763f8b8d4eb91dec386eb7a2ebf9a8a9b40c6b028d57e6144ed74551d460b.exe

Windows Exe (x86-32)
...
Filters:
File Name Category Type Verdict Actions
C:\Users\RDhJ0CNFevzX\Desktop\d73763f8b8d4eb91dec386eb7a2ebf9a8a9b40c6b028d57e6144ed74551d460b.exe Sample File Binary
malicious
...
»
MIME Type application/vnd.microsoft.portable-executable
File Size 434.50 KB
MD5 189ad2733ba3c8baa0d9fb41e4223d92 Copy to Clipboard
SHA1 90d2762579dfd97d7b767662566f3a623766dd0a Copy to Clipboard
SHA256 d73763f8b8d4eb91dec386eb7a2ebf9a8a9b40c6b028d57e6144ed74551d460b Copy to Clipboard
SSDeep 12288:wJrxvRItNiL65tIekTAEr4xwWEL9KHHvxosMKnd:8fsiL65t7kT1rjhKHH5os Copy to Clipboard
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744 Copy to Clipboard
PE Information
»
Image Base 0x400000
Entry Point 0x46de76
Size Of Code 0x6c000
Size Of Initialized Data 0x800
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2022-04-07 11:27:54+00:00
Version Information (11)
»
Comments -
CompanyName Microsoft
FileDescription Daily Notes
FileVersion 1.0.0.0
InternalName HEhUz.exe
LegalCopyright Copyright © 2016
LegalTrademarks -
OriginalFilename HEhUz.exe
ProductName Daily Notes
ProductVersion 1.0.0.0
Assembly Version 1.0.0.0
Sections (3)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x402000 0x6be7c 0x6c000 0x200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.86
.rsrc 0x46e000 0x5b4 0x600 0x6c200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.12
.reloc 0x470000 0xc 0x200 0x6c800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.1
Imports (1)
»
mscoree.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain - 0x402000 0x6de4c 0x6c04c 0x0
Memory Dumps (37)
»
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
d73763f8b8d4eb91dec386eb7a2ebf9a8a9b40c6b028d57e6144ed74551d460b.exe 1 0x00400000 0x00471FFF Relevant Image False 32-bit - False
...
buffer 1 0x04A00000 0x04A04FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 1 0x06AD0000 0x06B4FFFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 1 0x06B50000 0x06B86FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 1 0x06AD0000 0x06B4FFFF Marked Executable False 32-bit - False
...
buffer 1 0x06AD0000 0x06B4FFFF Marked Executable False 32-bit - False
...
buffer 1 0x06AD0000 0x06B4FFFF Marked Executable False 32-bit - False
...
buffer 1 0x06AD0000 0x06B4FFFF Marked Executable False 32-bit - False
...
buffer 1 0x06AD0000 0x06B4FFFF Marked Executable False 32-bit - False
...
buffer 1 0x06AD0000 0x06B4FFFF Marked Executable False 32-bit - False
...
buffer 1 0x06AD0000 0x06B4FFFF Marked Executable False 32-bit - False
...
buffer 1 0x06AD0000 0x06B4FFFF Marked Executable False 32-bit - False
...
buffer 1 0x06AD0000 0x06B4FFFF Marked Executable False 32-bit - False
...
buffer 1 0x06AD0000 0x06B4FFFF Marked Executable False 32-bit - False
...
buffer 1 0x06AD0000 0x06B4FFFF Marked Executable False 32-bit - False
...
buffer 1 0x06AD0000 0x06B4FFFF Marked Executable False 32-bit - False
...
buffer 1 0x06AD0000 0x06B4FFFF Marked Executable False 32-bit - False
...
buffer 1 0x06AD0000 0x06B4FFFF Marked Executable False 32-bit - False
...
buffer 1 0x06AD0000 0x06B4FFFF Marked Executable False 32-bit - False
...
buffer 1 0x06AD0000 0x06B4FFFF Marked Executable False 32-bit - False
...
buffer 1 0x06AD0000 0x06B4FFFF Marked Executable False 32-bit - False
...
buffer 1 0x06AD0000 0x06B4FFFF Marked Executable False 32-bit - False
...
buffer 1 0x06AD0000 0x06B4FFFF Marked Executable False 32-bit - False
...
buffer 1 0x06AD0000 0x06B4FFFF Marked Executable False 32-bit - False
...
buffer 1 0x06AD0000 0x06B4FFFF Marked Executable False 32-bit - False
...
buffer 1 0x06AD0000 0x06B4FFFF Marked Executable False 32-bit - False
...
buffer 2 0x00400000 0x00439FFF Content Changed False 32-bit - True
...
buffer 2 0x0532E000 0x0532FFFF First Network Behavior False 32-bit - False
...
buffer 2 0x0510F000 0x0510FFFF First Network Behavior False 32-bit - False
...
buffer 2 0x04FCF000 0x04FCFFFF First Network Behavior False 32-bit - False
...
buffer 2 0x04F4E000 0x04F4FFFF First Network Behavior False 32-bit - False
...
buffer 2 0x04E0E000 0x04E0FFFF First Network Behavior False 32-bit - False
...
buffer 2 0x0431E000 0x0431FFFF First Network Behavior False 32-bit - False
...
buffer 2 0x00199000 0x0019FFFF First Network Behavior False 32-bit - False
...
buffer 2 0x00511E68 0x00511EE7 First Network Behavior False 32-bit - False
...
buffer 2 0x005122A8 0x00512327 First Network Behavior False 32-bit - False
...
buffer 2 0x009F30A0 0x009F311F First Network Behavior False 32-bit - False
...
VMRay - Analyzer - www.vmray.com
Legal Note - Privacy Policy
Exit-Icon
WHOIS Domain Information
Domain Name
WHOIS Response 

       		
      

     

    

   

  

  

  

  

   

    
    

     Function Logfile
    

    

     

      Download-Icon
     

    

    

     Exit-Icon
    

   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image