Behavioral task
behavioral1
Sample
2012-62-0x0000000000400000-0x000000000042F000-memory.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
2012-62-0x0000000000400000-0x000000000042F000-memory.exe
Resource
win10v2004-20221111-en
General
-
Target
2012-62-0x0000000000400000-0x000000000042F000-memory.dmp
-
Size
188KB
-
MD5
418967064acda6f60a83562943b71424
-
SHA1
eba0f801208161c77013d96ded5d987ac35dcbf5
-
SHA256
b4338fd4f2de061bd94b03d702bcd3e1420de4b1cf02209980795f5c68a32e31
-
SHA512
746b92aecb83a53e81baf97bc11f9058219874ff2dc45b3423c75676728a26ca5a88b32451ce34edf6f4532a10f6d747cd9a5bfa9de7f6e6e0a758db484e977c
-
SSDEEP
3072:cYTRGzK9JeMHQPIhTJWR0IF8eddYnjG09brkmvFbHWvOjRMhp/jDpHaNmzsiCI:cYTYKDvxhTQQ+dsi0d4mvdHW2Sp/jDxB
Malware Config
Extracted
formbook
ctap
anniistore.com
Signatures
-
Formbook family
Files
-
2012-62-0x0000000000400000-0x000000000042F000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 180KB - Virtual size: 180KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ