Agent Tesla is spyware that collects information about its victims' activity by recording keystrokes and user interactions. It is falsely marketed as legitimate software on the dedicated website where this malware is sold.
MALICIOUS | SUSPICIOUS | INFO |
---|---|---|
AGENTTESLA was detected | Application launched itself | No info indicators. |
Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x000CC850 | 0x000CD000 | IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ | 5.26605 |
.data | 0x000CE000 | 0x00000A2C | 0x00001000 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 0 |
.rsrc | 0x000CF000 | 0x00003EF0 | 0x00004000 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ | 4.85316 |
No exports.
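The section table above reports per-section entropy, which is the quickest static signal for packed or encrypted code. The Python below is an added example, not part of this report or the sandbox's own code: it parses the PE section headers by hand, decodes the characteristics flags named in the table, computes the Shannon entropy of each section's raw bytes and flags executable sections whose entropy exceeds 7.0. It runs on a constructed minimal PE32 image built inline; the 7.0 threshold, the `likely_packed` field and the sample image are assumptions. For comparison, the .text entropy in this report (5.27) is in the normal range for unpacked VB6 code, while the .data entropy of 0 means its raw bytes are all identical (typically zero-filled), which the constructed sample reproduces.

```python
import math
import struct

# Section characteristic bits from the PE/COFF spec, named as in the report.
IMAGE_SCN_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
PACKED_ENTROPY = 7.0          # assumed threshold; unpacked native code is usually ~5-6.5
SECTION_HDR = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes, little-endian


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def decode_characteristics(value: int) -> list:
    return [name for bit, name in sorted(IMAGE_SCN_FLAGS.items()) if value & bit]


def parse_sections(pe: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", pe, coff + 2)
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16)   # SizeOfOptionalHeader
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        (name, vsize, va, raw_size, raw_ptr,
         _reloc, _line, _nreloc, _nline, chars) = struct.unpack_from(SECTION_HDR, pe, table + i * 40)
        raw = pe[raw_ptr:raw_ptr + raw_size]   # a truncated file simply yields fewer bytes
        ent = shannon_entropy(raw)
        flags = decode_characteristics(chars)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": va,
            "virtual_size": vsize,
            "raw_size": raw_size,
            "characteristics": flags,
            "entropy": ent,
            # high-entropy executable section: packed, encrypted or compressed code
            "likely_packed": ent > PACKED_ENTROPY and "IMAGE_SCN_MEM_EXECUTE" in flags,
        })
    return sections


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 image for the demo; not a real binary."""
    text_raw = bytes(range(256)) * 2   # every byte value twice: entropy exactly 8.0
    data_raw = bytes(0x200)            # zero-filled: entropy 0, like .data in the report
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)       # e_lfanew -> PE signature at 0x40
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)         # PE32 magic; rest of the optional header left zero
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, len(opt), 0x0102)
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt)
    headers += struct.pack(SECTION_HDR, b".text", len(text_raw), 0x1000, len(text_raw), 0x200,
                           0, 0, 0, 0, 0x60000020)   # CODE | EXECUTE | READ
    headers += struct.pack(SECTION_HDR, b".data", 0xA2C, 0x2000, len(data_raw), 0x400,
                           0, 0, 0, 0, 0xC0000040)   # INITIALIZED_DATA | READ | WRITE
    image = headers + bytes(0x200 - len(headers))    # pad up to the first raw-data offset
    return image + text_raw + data_raw


if __name__ == "__main__":
    print("Name   | VA         | VSize      | RawSize    | Entropy | Flags")
    for s in parse_sections(build_sample_pe()):
        print(f"{s['name']:6} | 0x{s['virtual_address']:08X} | 0x{s['virtual_size']:08X} | "
              f"0x{s['raw_size']:08X} | {s['entropy']:7.3f} | {','.join(s['characteristics'])}"
              + ("  <-- likely packed" if s["likely_packed"] else ""))
```

Point `parse_sections` at real file bytes to reproduce the table above; the constructed .text section is deliberately at the 8.0 extreme so the packed flag trips, which a section at 5.27 would not.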
Image |
---|
c:\users\admin\appdata\local\temp\product catalogue & quotation.bat.exe |
c:\systemroot\system32\ntdll.dll |
c:\windows\system32\kernelbase.dll |
c:\windows\system32\kernel32.dll |
c:\windows\system32\msvbvm60.dll |
c:\windows\system32\user32.dll |
c:\windows\system32\gdi32.dll |
c:\windows\system32\lpk.dll |
c:\windows\system32\usp10.dll |
c:\windows\system32\msvcrt.dll |
c:\windows\system32\advapi32.dll |
c:\windows\system32\sechost.dll |
c:\windows\system32\rpcrt4.dll |
c:\windows\system32\ole32.dll |
c:\windows\system32\oleaut32.dll |
c:\windows\system32\imm32.dll |
c:\windows\system32\msctf.dll |
c:\windows\system32\cryptbase.dll |
c:\windows\system32\sxs.dll |
c:\windows\system32\cryptsp.dll |
c:\windows\system32\rsaenh.dll |
c:\windows\system32\clbcatq.dll |
c:\windows\system32\shell32.dll |
c:\windows\system32\shlwapi.dll |
c:\windows\system32\apphelp.dll |
Image |
---|
c:\users\admin\appdata\local\temp\product catalogue & quotation.bat.exe |
c:\systemroot\system32\ntdll.dll |
c:\windows\system32\kernel32.dll |
c:\windows\system32\kernelbase.dll |
c:\windows\system32\msvbvm60.dll |
c:\windows\system32\user32.dll |
c:\windows\system32\gdi32.dll |
c:\windows\system32\lpk.dll |
c:\windows\system32\usp10.dll |
c:\windows\system32\msvcrt.dll |
c:\windows\system32\advapi32.dll |
c:\windows\system32\sechost.dll |
c:\windows\system32\rpcrt4.dll |
c:\windows\system32\ole32.dll |
c:\windows\system32\oleaut32.dll |
c:\windows\system32\imm32.dll |
c:\windows\system32\msctf.dll |
c:\windows\system32\shell32.dll |
c:\windows\system32\shlwapi.dll |
c:\windows\system32\mscoree.dll |
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll |
c:\windows\system32\version.dll |
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll |
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll |
c:\windows\system32\profapi.dll |
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll |
c:\windows\system32\cryptbase.dll |
c:\windows\system32\cryptsp.dll |
c:\windows\system32\rsaenh.dll |
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll |
c:\windows\assembly\nativeimages_v2.0.50727_32\system\9e0a3b9b9f457233a335d7fba8f95419\system.ni.dll |
c:\windows\assembly\nativeimages_v2.0.50727_32\system.drawing\dbfe8642a8ed7b2b103ad28e0c96418a\system.drawing.ni.dll |
c:\windows\assembly\nativeimages_v2.0.50727_32\system.windows.forms\3afcd5168c7a6cb02eab99d7fd71e102\system.windows.forms.ni.dll |
c:\windows\system32\bcrypt.dll |
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.visualbas#\08d608378aa405adc844f3cf36974b8c\microsoft.visualbasic.ni.dll |
c:\windows\system32\rpcrtremote.dll |
c:\windows\system32\clbcatq.dll |
c:\windows\system32\wbem\wbemdisp.dll |
c:\windows\system32\ws2_32.dll |
c:\windows\system32\wbemcomn.dll |
c:\windows\system32\nsi.dll |
c:\windows\system32\wbem\wbemprox.dll |
c:\windows\system32\wbem\wmiutils.dll |
c:\windows\system32\wbem\wbemsvc.dll |
c:\windows\system32\wbem\fastprox.dll |
c:\windows\system32\ntdsapi.dll |
c:\windows\system32\sxs.dll |
c:\windows\assembly\nativeimages_v2.0.50727_32\custommarshalers\bf7e7494e75e32979c7824a07570a8a9\custommarshalers.ni.dll |
c:\windows\assembly\gac_32\custommarshalers\2.0.0.0__b03f5f7f11d50a3a\custommarshalers.dll |
c:\windows\assembly\nativeimages_v2.0.50727_32\system.management\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\system.management.ni.dll |
c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll |
c:\windows\system32\sspicli.dll |
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuration\bc09ad2d49d8535371845cd7532f9271\system.configuration.ni.dll |
c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml\461d3b6b3f43e6fbe6c897d5936e17e4\system.xml.ni.dll |
c:\windows\system32\rasapi32.dll |
c:\windows\system32\rasman.dll |
c:\windows\system32\rtutils.dll |
c:\windows\system32\mswsock.dll |
c:\windows\system32\wshtcpip.dll |
c:\windows\system32\wship6.dll |
c:\windows\system32\winhttp.dll |
c:\windows\system32\webio.dll |
c:\windows\system32\iphlpapi.dll |
c:\windows\system32\winnsi.dll |
c:\windows\system32\dhcpcsvc6.dll |
c:\windows\system32\dhcpcsvc.dll |
c:\windows\system32\dnsapi.dll |
c:\windows\system32\rasadhlp.dll |
c:\windows\system32\fwpuclnt.dll |
c:\windows\system32\shfolder.dll |
c:\windows\assembly\nativeimages_v2.0.50727_32\system.security\d9a485330ec2708456134e4a9712a4ab\system.security.ni.dll |
c:\windows\system32\crypt32.dll |
c:\windows\system32\msasn1.dll |
c:\windows\microsoft.net\framework\v2.0.50727\culture.dll |
c:\windows\system32\ieframe.dll |
c:\windows\system32\psapi.dll |
c:\windows\system32\oleacc.dll |
c:\windows\system32\iertutil.dll |
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll |
c:\windows\system32\mlang.dll |
c:\windows\system32\wininet.dll |
c:\windows\system32\urlmon.dll |
c:\windows\system32\vaultcli.dll |
c:\windows\system32\wshom.ocx |
c:\windows\system32\mpr.dll |
c:\windows\system32\scrrun.dll |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3920 | Product catalogue & Quotation.bat.exe | GET | 200 | 52.202.139.131:80 | http://checkip.amazonaws.com/ | US | text | | shared |
PID | Process | IP | ASN | CN | Reputation |
---|---|---|---|---|---|
3920 | Product catalogue & Quotation.bat.exe | 52.202.139.131:80 | Amazon.com, Inc. | US | shared |
3920 | Product catalogue & Quotation.bat.exe | 208.91.199.223:587 | PDR | US | shared |
No debug info.
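Taken together, the two network tables show the sequence Agent Tesla's exfiltration typically leaves behind: a request to a public-IP lookup service (checkip.amazonaws.com) followed by an outbound connection on TCP 587, the SMTP submission port, from a process that is not a mail client. The Python below is an added detection example, not code from this report or the sandbox, that scans connection events in JSON-lines form for that sequence. The event schema, the timestamps, the 10-minute window, the extra IP-check hosts, the mail-client allow-list and the non-malware rows in the sample log are all constructed assumptions for illustration; the two pid-3920 rows mirror the tables above.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Public-IP lookup services. checkip.amazonaws.com is the one in the report;
# the other two are assumed additions an analyst would keep in the list.
IP_CHECK_HOSTS = {"checkip.amazonaws.com", "api.ipify.org", "icanhazip.com"}
SMTP_PORTS = {25, 465, 587}                        # 587 is the port seen in the report
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}  # assumed allow-list of legitimate SMTP speakers
WINDOW = timedelta(minutes=10)                      # assumed maximum gap between IP check and SMTP
DOUBLE_EXT = re.compile(r"\.(bat|cmd|doc|docx|pdf|xls|xlsx|jpg|png|txt|zip)\.exe$", re.I)

# Constructed JSON-lines connection log (timestamps and non-3920 rows invented;
# documentation IPs used for the invented destinations).
SAMPLE_LOG = r"""
{"ts": "2021-05-10T09:14:02Z", "pid": 3920, "image": "C:\\Users\\admin\\AppData\\Local\\Temp\\Product catalogue & Quotation.bat.exe", "host": "checkip.amazonaws.com", "dst_ip": "52.202.139.131", "dst_port": 80}
{"ts": "2021-05-10T09:14:05Z", "pid": 3920, "image": "C:\\Users\\admin\\AppData\\Local\\Temp\\Product catalogue & Quotation.bat.exe", "dst_ip": "208.91.199.223", "dst_port": 587}
{"ts": "2021-05-10T09:15:00Z", "pid": 1200, "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE", "host": "smtp.example.net", "dst_ip": "192.0.2.25", "dst_port": 587}
{"ts": "2021-05-10T09:16:00Z", "pid": 2210, "image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "host": "api.ipify.org", "dst_ip": "198.51.100.7", "dst_port": 443}
{"ts": "2021-05-10T09:17:00Z", "pid": 4100, "image": "C:\\Windows\\System32\\svchost.exe", "dst_ip": "192.0.2.25", "dst_port": 587}
"""


def parse_events(log_text: str) -> list:
    """Parse JSON lines, convert timestamps, return events in time order."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        e = json.loads(line)
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(e)
    return sorted(events, key=lambda e: e["ts"])


def basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1]


def detect(events: list) -> list:
    """One finding per (pid, image) that speaks SMTP without being a known mail client."""
    by_proc = defaultdict(list)
    for e in events:
        by_proc[(e["pid"], e["image"])].append(e)
    findings = []
    for (pid, image), evs in by_proc.items():
        name = basename(image).lower()
        if name in MAIL_CLIENTS:
            continue
        smtp = [e for e in evs if e["dst_port"] in SMTP_PORTS]
        if not smtp:
            continue
        ip_checks = [e for e in evs if e.get("host", "").lower() in IP_CHECK_HOSTS]
        tags = ["smtp_from_non_mail_process"]
        severity = "medium"
        # The stealer pattern: learn the public IP, then mail the loot out shortly after.
        if any(timedelta(0) <= s["ts"] - c["ts"] <= WINDOW for s in smtp for c in ip_checks):
            tags.append("ip_check_then_smtp")
            severity = "high"
        if DOUBLE_EXT.search(name):   # lure names like "...bat.exe" add weight
            tags.append("double_extension_image")
        findings.append({
            "pid": pid,
            "image": basename(image),
            "severity": severity,
            "tags": tags,
            "smtp_destinations": sorted({f"{s['dst_ip']}:{s['dst_port']}" for s in smtp}),
        })
    return findings


if __name__ == "__main__":
    for f in detect(parse_events(SAMPLE_LOG)):
        print(f"[{f['severity']}] pid={f['pid']} {f['image']} -> "
              f"{', '.join(f['smtp_destinations'])} tags={f['tags']}")
```

On the sample log this yields a high-severity finding for pid 3920 (IP check, then SMTP to 208.91.199.223:587, double-extension image name) and a medium one for the svchost.exe row; Outlook is allow-listed and Chrome's IP lookup alone does not fire. Keying on (pid, image) rather than pid alone matters here because the report shows the same image name running as more than one process.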