Verdict Malicious

Classifications Spyware, Injector

Threat Names Mal/Generic-S, AgentTesla, AgentTesla.v4

Dynamic Analysis Report

Created on 2024-02-06T10:16:38+00:00

Draft Itinerary 2024 tour plan - A Best Outbound client.exe

Windows Exe (x86-32)

Remarks (1/1)

(0x02000008): One or more processes crashed during the analysis. Analysis results may be incomplete.

File Name C:\Users\RDhJ0CNFevzX\Desktop\Draft Itinerary 2024 tour plan - A Best Outbound client.exe
Category Sample File
Type Binary
Verdict Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 1.05 MB
MD5 65bcf2c6ef1e115e4cc4e15e5a83bdfb
SHA1 e5830a23d3f18a44d99d34f1e8126283ab9a8caa
SHA256 ac71f9ab4ccb920a493508b0e0577b31fe547aa07e914f58f1def47d08ebcf7d
SSDeep 24576:HeQvWEQwYIFI8mZguwdH602ykWN2d+LuPE37oXMz:HeQvqwYIFB/IxCaPE38Xa
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744
File Reputation Information
Verdict Malicious
Names Mal/Generic-S
PE Information
Image Base 0x00400000
Entry Point 0x005018EE
Size Of Code 0x000FFA00
Size Of Initialized Data 0x00009200
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2076-12-07 20:05 (UTC+1)
Version Information (11)
Comments -
CompanyName -
FileDescription OKJhBah6
FileVersion 1.0.0.0
InternalName OKJhBah6.exe
LegalCopyright Copyright © 2024
LegalTrademarks -
OriginalFilename OKJhBah6.exe
ProductName OKJhBah6
ProductVersion 1.0.0.0
Assembly Version 1.0.0.0
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00402000 0x000FF8F4 0x000FFA00 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.95
.sdata 0x00502000 0x00000162 0x00000200 0x000FFE00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.99
.rsrc 0x00504000 0x00008DAC 0x00008E00 0x00100000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.29
.reloc 0x0050E000 0x0000000C 0x00000200 0x00108E00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.1
Imports (1)
mscoree.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain - 0x00402000 0x001018C8 0x000FFCC8 0x00000000
Digital Signature Information
Verification Status Failed
Certificate: philandro Software GmbH
Issued by philandro Software GmbH
Parent Certificate DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Country Name DE
Valid From 2021-12-13 01:00 (UTC+1)
Valid Until 2025-01-09 00:59 (UTC+1)
Algorithm sha256_rsa
Serial Number 0D BF 15 2D EA F0 B9 81 A8 A9 38 D5 3F 76 9D B8
Thumbprint 9C D1 DD B7 8E D0 52 82 35 3B 20 CD FE 8F A0 A4 FB 6C 1E CE
Certificate: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Issued by DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Parent Certificate DigiCert Trusted Root G4
Country Name US
Valid From 2021-04-29 02:00 (UTC+2)
Valid Until 2036-04-29 01:59 (UTC+2)
Algorithm sha384_rsa
Serial Number 08 AD 40 B2 60 D2 9C 4C 9F 5E CD A9 BD 93 AE D9
Thumbprint 7B 0F 36 0B 77 5F 76 C9 4A 12 CA 48 44 5A A2 D2 A8 75 70 1C
Certificate: DigiCert Trusted Root G4
Issued by DigiCert Trusted Root G4
Country Name US
Valid From 2022-08-01 02:00 (UTC+2)
Valid Until 2031-11-10 00:59 (UTC+1)
Algorithm sha384_rsa
Serial Number 0E 9B 18 8E F9 D0 2D E7 EF DB 50 E2 08 40 18 5A
Thumbprint A9 9D 5B 79 E9 F1 CD A5 9C DA B6 37 31 69 D5 35 3F 58 74 C6
Memory Dumps (3)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
draft itinerary 2024 tour plan - a best outbound client.exe 1 0x00B70000 0x00C7FFFF Relevant Image False 32-bit - False
buffer 1 0x00D50000 0x00D54FFF Reflectively Loaded .NET Assembly False 32-bit - False
draft itinerary 2024 tour plan - a best outbound client.exe 1 0x00B70000 0x00C7FFFF Process Termination False 32-bit - False
File Name a1ade8321bec6b006f7bb387789eb89b90a51a1a0b2cb723f432a836a9810be0
Category Downloaded File
Type Text
Verdict Clean
MIME Type text/plain
File Size 1.14 KB
MD5 6910486f07832de4a9540ef2e659848b
SHA1 7b644b77801aca4e9131733a593bb3aa32cee176
SHA256 a1ade8321bec6b006f7bb387789eb89b90a51a1a0b2cb723f432a836a9810be0
SSDeep 12:LxNi97z0yWNimmEWNiR02QpXIrxMXUFH5SanuzxGHJOVnl54HmrbzoFWNikx7zz8:LiIJ8hIlOUCa+xCOVEGrbsq9FjJxK3
ImpHash -
File Name 2d08a668532bcb703a130a12e07f30c1892633a6752e96c8eb0e9394dbf08da2
Category Downloaded File
Type Unknown
Verdict Clean
MIME Type application/json
File Size 45 Bytes
MD5 d53e370fc0348b8dd7bfbe9fcd4d7017
SHA1 3646ca0b3dd975f66da4fd9111d154f48b03f0a3
SHA256 2d08a668532bcb703a130a12e07f30c1892633a6752e96c8eb0e9394dbf08da2
SSDeep 3:YIzSLMTOHzD1W:YIUcOTDg
ImpHash -
File Name 2ed27c1421e6928dbe13dbfdb5c59e1045b30341fe7ebe05700006bc5ac572c0
Category Downloaded File
Type Text
Verdict Clean (known to be clean)
MIME Type text/plain
File Size 6 Bytes
MD5 d42f2da1df5ecdf29be4ac27edda0c12
SHA1 b73d74fcede92cdd78ec92c2c5899671d1b32044
SHA256 2ed27c1421e6928dbe13dbfdb5c59e1045b30341fe7ebe05700006bc5ac572c0
SSDeep 3:ovn:ovn
ImpHash -
File Reputation Information
Verdict Clean
Known to be clean.
Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.