Online Virus Scanner | v.1.0.191.174 |
Database version: | 2024-09-26 01:00:22 |
AgentTesla is a remote access trojan (RAT) built on the .NET Framework and used chiefly to obtain initial access to a system. It is best known for keylogging and for harvesting saved credentials from browsers, mail and FTP clients, which it exfiltrates to the operator. It is frequently sold under a malware-as-a-service (MaaS) model, in which so-called initial access brokers (IABs) offer their expertise to criminal groups seeking to exploit corporate networks. As first-stage malware, AgentTesla gives the operator remote access to the infected host and can then download more capable second-stage tools, including ransomware.
File | ArabRust_Launcher.exe |
Checked | 2024-09-25 22:20:17 |
MD5 | c03c48b46c77b10987f2be02aa29b589 |
SHA1 | a17d5af0ea540aec8b93f2bf0810e5ef6bcf47e7 |
SHA256 | 7efba6fdf3662ca330428b28cbbcebc8cbee143d2312b0ae1f2859bc854eff6a |
SHA512 | 1e299399df202ea88738b93d60edb0ae25ad79b19294445a7420669af5d5f3832a38e245527b864b6449e1fccbaaab5efe1ef4694e3e445c0243e6384de96b10 |
Imphash | 22f9e119b41f7fcf861775a907b5e661 |
File Size | 5269504 bytes |
Gridinsoft can identify and remove Trojan.Win64.AgentTesla.tr without further user intervention.
34ffd248a47093a1835bc14cab5e000d ebdb42ce3b9940f6e9bbe1a73f1b41ce e88e33332b2b8ee8 |
Image Base: | 0x140000000 |
Entry Point: | 0x140061f5e |
Compilation: | 2024-07-17 11:19:30 |
Checksum: | 0x00000000 (Actual: 0x0051405b) |
OS Version: | 6.0 |
PEiD: | PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows |
Sign: | The PE file does not contain a certificate table. |
Sections: | 9 |
Imports: | MSVCP140, WININET, SHELL32, ADVAPI32, KERNEL32, api-ms-win-crt-math-l1-1-0, api-ms-win-crt-stdio-l1-1-0, api-ms-win-crt-runtime-l1-1-0, api-ms-win-crt-convert-l1-1-0, api-ms-win-crt-heap-l1-1-0, VCRUNTIME140, api-ms-win-crt-filesystem-l1-1-0, api-ms-win-crt-locale-l1-1-0, mscoree |
Exports: | 0 |
Resources: | 3 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x00061de7 | 0x00061e00 | 9ddf9ece898f7278e6f108c68015cd25 | 5.77 |
.nep | 0x00063000 | 0x00009ac0 | 0x00009c00 | c2a6a089a99400b48d63af8d54b0fee4 | 3.61 |
.rdata | 0x0006d000 | 0x001560be | 0x00156200 | 20b0aee225534d0ada50d7d01d42fd34 | 5.79 |
.data | 0x001c4000 | 0x0000cd78 | 0x0000a600 | ed5545ab5e8346d9be7797f657606e7b | 2.98 |
.pdata | 0x001d1000 | 0x00000b64 | 0x00000c00 | a1c2293120b8bdf133a96a078f83e96f | 5.27 |
.rsrc | 0x001d2000 | 0x00040ab8 | 0x00040c00 | 5958bc904ffd4e619bf87d3485e35502 | 3.60 |
.reloc | 0x00213000 | 0x0000016c | 0x00000200 | da6587487f43c48c51ca8f29eee7b88a | 4.12 |
.text | 0x00214000 | 0x002b7b04 | 0x002b7c00 | 227bb0e87ef9d66138cf4ad160a042e8 | 7.20 |
.rsrc | 0x004cc000 | 0x00040ab0 | 0x00040c00 | 48ef0ffb3754a46caa86653bd3874467 | 3.60 |
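The section table above shows a pattern worth checking by hand rather than taking the verdict on trust: a second `.text` (entropy 7.20, consistent with compressed or encrypted content) and a second `.rsrc` appear after `.reloc`, which a linker normally emits last; the CheckSum field is zero while the computed value is 0x0051405b; the file carries no certificate table; and the import list mixes the native MSVC runtime (MSVCP140, VCRUNTIME140, api-ms-win-crt-*) with mscoree, so this is not a plain managed assembly. The script below is an added example and is not part of the Gridinsoft report or its scanner: it parses the PE32+ section table with the standard library only, computes per-section Shannon entropy and emits exactly those findings (duplicate section names, sections placed after `.reloc`, entropy at or above a threshold, an unpopulated CheckSum, a missing certificate table). The sample image it audits is constructed inline to mirror the report's layout; the 7.0 entropy threshold and the finding strings are the author's choices, not Gridinsoft's.

```python
"""Added example (not from the Gridinsoft report): audit a PE32+ section table."""
import math
import struct
from collections import Counter

IMAGE_FILE_MACHINE_AMD64 = 0x8664
PE32PLUS_MAGIC = 0x20B
SECTION_HEADER_SIZE = 40
OPTIONAL_HEADER_SIZE_PE32PLUS = 240
OPT_CHECKSUM_OFFSET = 64          # CheckSum field inside the PE32+ optional header
OPT_DATADIR_OFFSET = 112          # first IMAGE_DATA_DIRECTORY entry (PE32+)
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # certificate table


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for a uniform one."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def _optional_header_offset(image: bytes) -> int:
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    return e_lfanew + 4 + 20  # PE signature + COFF file header


def parse_sections(image: bytes) -> list:
    """Return [(name, vaddr, vsize, raw_size, raw_ptr, entropy), ...] in file order."""
    opt = _optional_header_offset(image)
    coff = opt - 20
    nsections = struct.unpack_from("<H", image, coff + 2)[0]
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]
    if struct.unpack_from("<H", image, opt)[0] != PE32PLUS_MAGIC:
        raise ValueError("only PE32+ images are handled here")
    sections = []
    for i in range(nsections):
        off = opt + opt_size + i * SECTION_HEADER_SIZE
        name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", image, off)
        raw = image[raw_ptr:raw_ptr + raw_size]
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"),
                         vaddr, vsize, raw_size, raw_ptr, shannon_entropy(raw)))
    return sections


def audit(image: bytes, entropy_threshold: float = 7.0) -> list:
    """Findings mirroring what the report above makes visible (strings are ours)."""
    findings = []
    sections = parse_sections(image)
    names = [s[0] for s in sections]
    for name, count in Counter(names).items():
        if count > 1:
            findings.append(f"duplicate section name {name} x{count}")
    if ".reloc" in names:
        for name in names[names.index(".reloc") + 1:]:
            findings.append(f"section {name} placed after .reloc (appended data?)")
    for name, _va, _vs, _rs, _rp, ent in sections:
        if ent >= entropy_threshold:
            findings.append(f"section {name} entropy {ent:.2f} (compressed/encrypted?)")
    opt = _optional_header_offset(image)
    if struct.unpack_from("<I", image, opt + OPT_CHECKSUM_OFFSET)[0] == 0:
        findings.append("CheckSum field is zero (not populated by the linker)")
    sec_dir = opt + OPT_DATADIR_OFFSET + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if struct.unpack_from("<II", image, sec_dir)[1] == 0:
        findings.append("no certificate table (file is unsigned)")
    return findings


def build_sample_image() -> bytes:
    """Constructed PE32+ skeleton (not the scanned file): .text, .reloc, then a
    second high-entropy .text after .reloc, CheckSum left at zero, no certificate."""
    payloads = [
        (b".text", b"\x00" * 256 + b"\xff" * 256),  # two symbols -> entropy 1.0
        (b".reloc", b"\x00" * 512),                  # constant -> entropy 0.0
        (b".text", bytes(range(256)) * 2),           # uniform -> entropy 8.0
    ]
    e_lfanew = 0x40
    headers_len = e_lfanew + 4 + 20 + OPTIONAL_HEADER_SIZE_PE32PLUS \
        + SECTION_HEADER_SIZE * len(payloads)
    file_align = 0x200
    raw_ptr = (headers_len + file_align - 1) // file_align * file_align
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_AMD64, len(payloads),
                       0, 0, 0, OPTIONAL_HEADER_SIZE_PE32PLUS, 0x22)
    opt = bytearray(OPTIONAL_HEADER_SIZE_PE32PLUS)   # CheckSum and data dirs stay zero
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC)
    sec_headers, body, vaddr = bytearray(), bytearray(), 0x1000
    for name, data in payloads:
        sec_headers += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(data), vaddr,
                                   len(data), raw_ptr + len(body), 0, 0, 0, 0, 0x60000020)
        body += data
        vaddr += 0x1000
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + bytes(sec_headers)
    return image.ljust(raw_ptr, b"\0") + bytes(body)


if __name__ == "__main__":
    sample = build_sample_image()
    for name, va, vs, rs, rp, ent in parse_sections(sample):
        print(f"{name:<8} VA=0x{va:08x} VS=0x{vs:08x} RAW=0x{rs:08x} entropy={ent:.2f}")
    for finding in audit(sample):
        print("!", finding)
```

To run it against a real file, replace `build_sample_image()` with the bytes read from disk; the checks are the same ones you would apply to the report's table, and a hit on any of them is a reason to inspect the file further, not proof of malice (legitimate installers and protected binaries also carry high-entropy sections and unpopulated checksums).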