Behavioral task
behavioral1
Sample
1528-66-0x0000000000400000-0x000000000042F000-memory.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
1528-66-0x0000000000400000-0x000000000042F000-memory.exe
Resource
win10v2004-20220901-en
General
Target: 1528-66-0x0000000000400000-0x000000000042F000-memory.dmp
Size: 188KB
MD5: bb6926d132e871a325029f346ac74604
SHA1: a52a6800a5d13b5b150e434c4bf17b374d0dd414
SHA256: be1f60ad3125f474dc2fb7d8e2ce815f912899c9f27e2d11b9345c0fb1fb9589
SHA512: c1155b04ec1464c848646dd75aa6895be353bfef61e8d3fd50e2620b5055f33ca9fc003f206569aeb3fe17ed85e3dd0363732249887d192cbe33e60c8ecbf04d
SSDEEP: 3072:5A8Hi8BhR7Tzj01NWwQ00CP3I4S5ZIRGq1Fu+ZIP/iXVDYszum21l+g:eF8BLT015NblSb4Gqbu6IPaXCQWzD
Malware Config
Extracted
formbook
e7nb
wikidesva.site
Signatures
Formbook family
Files
1528-66-0x0000000000400000-0x000000000042F000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 180KB - Virtual size: 180KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ