Behavioral task
behavioral1
Sample
480-54-0x0000000000960000-0x000000000098F000-memory.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
480-54-0x0000000000960000-0x000000000098F000-memory.exe
Resource
win10v2004-20221111-en
General
Target
480-54-0x0000000000960000-0x000000000098F000-memory.dmp
Size
188KB
MD5
9b1c552a8b84de8783e9bd79628ab15b
SHA1
6fad2b98bddbc20b309a5862f6569dba242a1075
SHA256
5f936d902663dff78fce711d33e0173ef66a1e5f43be62922823f41baa670828
SHA512
6825aa27fb9783e45212fec5c5d32bff65143164dbce9140bbbd61f2b50bb6d9157dfc47651cad6485fb1ab564e5072dc39a40bdedee3cdf976bb1d37e8861c9
SSDEEP
3072:HD4ffkX9xR1lkd4aFNgWZarr/h0JsnIJaAZe35Gm148pSae92Dx1hZrrpa:ccX+1NLemJYQagc5Gm14Wqehh
Malware Config
Extracted
formbook
s3f0
worldhealthfoodfair.com
Signatures
Formbook family
Files
480-54-0x0000000000960000-0x000000000098F000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 180KB - Virtual size: 180KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ