agilemail.exe

The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. The file has been observed being downloaded from www.slimb.com.

MD5:
519a12b4d4fb122614d423656e0461d3

SHA-1:
10c295f128aeb1ae410910dc7b6f0a07b0562879

SHA-256:
2a1d8cc50a304f1200fa5e9109b5e67a772f0ec891338a4b4e8c5272c310e469

Scanner detections:
2 / 68

Status:
Inconclusive (not enough data for an accurate detection)

Analysis date:
11/15/2024 3:38:29 AM UTC

Scan engine | Detection | Engine version
Comodo Security | UnclassifiedMalware | 17483
Dr.Web | Trojan.PWS.Banker.origin | 9.0.1.0358

File size:
417.3 KB (427,290 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

File PE Metadata
Compilation timestamp:
1/12/2002 3:49:24 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:yXD48G0DHF6ClxumP9rNNA4HQrp2GDwFrK9HPGK0nSh9GIyi4xNHggolSZ2QHEY8:m7qmP9rN3HWDwFr8vCgyy4ZxBJUW0FZ

Entry address:
0x455E

Entry point:
83, EC, 0C, 53, 56, 57, FF, 15, 20, 71, 40, 00, 05, E8, 03, 00, 00, BE, 60, FD, 41, 00, 89, 44, 24, 10, B3, 20, FF, 15, 28, 70, 40, 00, 68, 00, 04, 00, 00, FF, 15, 28, 71, 40, 00, 50, 56, FF, 15, 08, 71, 40, 00, 80, 3D, 60, FD, 41, 00, 22, 75, 08, 80, C3, 02, BE, 61, FD, 41, 00, 8A, 06, 8B, 3D, F0, 71, 40, 00, 84, C0, 74, 0F, 3A, C3, 74, 0B, 56, FF, D7, 8B, F0, 8A, 06, 84, C0, 75, F1, 80, 3E, 00, 74, 05, 56, FF, D7, 8B, F0, 89, 74, 24, 14, 80, 3E, 20, 75, 07, 56, FF, D7, 8B, F0, EB, F4, 80, 3E, 2F, 75, 21...
 

Entropy:
7.9589

Packer / compiler:
Nullsoft PiMP Install System v1.x

Code size:
24 KB (24,576 bytes)

The file agilemail.exe has been seen being distributed by the following URL.
