agenttesla | 1808-74-0x0000000000400000-0x000000000043F000-memory[.]dmp | Triage

Sharing

General

Target

1808-74-0x0000000000400000-0x000000000043F000-memory.dmp
Size

252KB
MD5

8bbab7418675d72363d03ae209dad5cb
SHA1

09b417d68a4dc7bc8463740f89f14e7dc0c76c43
SHA256

b6f696764f50b5fddc8204a9b35053da3a097dc54cf8e740635e042bbee0419c
SHA512

6a5073a5beaa0f64876bb4f0f2de1a81a09d3b73114673866f817fe2b29a100fa72f58dfcc3f67339b8b1e503a99c9789c37e0800c88cf75c01f380270acfb0f
SSDEEP

3072:DefNOSBdA1t90TAaZWm3mG9KRrpU2uTBhlVqUjfwye+POmW++no//M:ZSqzWV2J22WBjVRzNDOTN

Score

10^/10

agenttesla

Malware Config

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1808-74-0x0000000000400000-0x000000000043F000-memory.dmp

Files

1808-74-0x0000000000400000-0x000000000043F000-memory.dmp
.exe windows x86

009023b6b22e202aa54365d2270f6f95

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
FreeResource
CloseHandle
WriteFile
CreateFileA
MoveFileExA
GetTempFileNameA
GetTempPathA
LockResource
LoadResource
SizeofResource
FindResourceA
GetModuleHandleA
GetStartupInfoA

shell32

ShellExecuteA

msvcrt

sprintf
_exit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_XcptFilter

Sections

.text
Size: 4KB - Virtual size: 796B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 822B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ