agenttesla | 2076-54-0x0000000002000000-0x0000000002046000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2076-54-0x0000000002000000-0x0000000002046000-memory.dmp
Size

280KB
MD5

3152138264454dd6991c32f8a94650b0
SHA1

ed65c6e45f93441766a70f623026f58f7adcc365
SHA256

ce07758bb5321f07bcea38dde9a266b0ff0363902554a89319abe543d5561cb3
SHA512

15e61a779ee0728c9c57f420cee240af901a617f4d61eac21f1df7f6eed1cc9809ecffade6b55ce7610f1d70cee1c5111e84b9db9b8167a51bb5465be2c25b3a
SSDEEP

6144:pLOrl1hFz7mv4p1kGL67krAWarJ6CF3iPZAb/ejrFcTIoArcsEQikOxJm/wPAx8l:pMMsEfFmxx6zvqo

Score

10^/10

agenttesla

Malware Config

Signatures

Agenttesla family
agenttesla

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2076-54-0x0000000002000000-0x0000000002046000-memory.dmp

Files

2076-54-0x0000000002000000-0x0000000002046000-memory.dmp
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 254KB - Virtual size: 253KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ