AgentTesla.v4 | 16bd420d8eb6

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\kEecfMwgj\Desktop\2023081921.exe

Sample File

Binary

MIME Type	application/vnd.microsoft.portable-executable
File Size	2.28 MB
MD5	f1fff084da0c4dab27b7eafbeb49aedb
SHA1	5367ffc156f6d224d83c3566c811d308692506a7
SHA256	16bd420d8eb671ac24fe12160403e5d95b9a3b0f5e13a286c36dbeb363ccadb7
SSDeep	3072:NnJXq/vdkF+1flC3vw3+6YsdywnYFRMCdkxzGuP0ULga6Z6XWExYgrMqTfiL5UU7:NnJJ
ImpHash	-

PE Information

Image Base	0x00400000
Size Of Code	0x00242E71
Size Of Initialized Data	0x00006032
File Type	IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type	IMAGE_FILE_MACHINE_AMD64
Compile Timestamp	2096-02-04 11:38 (UTC)

Version Information (11)

Comments	Update from Java t
CompanyName	Update from Java
FileDescription	Update from Java
FileVersion	1.0.0.0
InternalName	NorthAmericaUpdate.exe
LegalCopyright	Copyright © 2024
LegalTrademarks	-
OriginalFilename	NorthAmericaUpdate.exe
ProductName	Update from Java
ProductVersion	1.0.0.0
Assembly Version	1.0.0.0

Sections (2)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x00402000	0x00242E71	0x00243000	0x00000200	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	3.1
.rsrc	0x00646000	0x0000604E	0x00006200	0x00243200	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	5.63

Memory Dumps (25)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
2023081921.exe	1	0x00BF0000	0x00E3DFFF	Relevant Image	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00AC0000	0x00AF9FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B350000	0x1B3DEFFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B350000	0x1B3DEFFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B350000	0x1B3DEFFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B350000	0x1B3DEFFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B350000	0x1B3DEFFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B350000	0x1B3DEFFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B350000	0x1B3DEFFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B350000	0x1B3DEFFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B350000	0x1B3DEFFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B350000	0x1B3DEFFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B350000	0x1B3DEFFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B350000	0x1B3DEFFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B350000	0x1B3DEFFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B350000	0x1B3DEFFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B350000	0x1B3DEFFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B350000	0x1B3DEFFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B350000	0x1B3DEFFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B350000	0x1B3DEFFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B350000	0x1B3DEFFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B350000	0x1B3DEFFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B350000	0x1B3DEFFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B350000	0x1B3DEFFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
2023081921.exe	1	0x00BF0000	0x00E3DFFF	Process Termination	64-bit	-	... Actions Go to Process Download Dump

e74fdc72000449bdd24e559d7db4a16b831037dcaf9ed213ad5a6d7199f30158

Extracted File

Image

Parent File	C:\Users\kEecfMwgj\Desktop\2023081921.exe
MIME Type	image/png
File Size	7.16 KB
MD5	ae13114fd29fabf469ef77d3349f25cc
SHA1	eb02aa734c4b72a04c3d231756283a110a443e67
SHA256	e74fdc72000449bdd24e559d7db4a16b831037dcaf9ed213ad5a6d7199f30158
SSDeep	96:qJ2W8ZlcY3aq+yeq8QgYDrCasPi6ZK0vCiW3aAW9dUt9qvw4hpbGHjFoNA:qJP8ZKq4qNgYDrFswaAW92G/mV
ImpHash	-

Remarks (1/1)

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

Before

After

WHOIS Domain Information