formbook | 2840-68-0x0000000000400000-0x0000000001462000-memory[.]dmp

General

Target

2840-68-0x0000000000400000-0x0000000001462000-memory.dmp
Size

16.4MB
MD5

e102b43eb1d1f128e1c016966812ec87
SHA1

945b60841e7ebcc870f120008f9aa1f6592a320c
SHA256

d5056ce470854b1919b9f45b97889fb3b2725ae3e83f043c137eb2b664c6c8be
SHA512

e6811bcfa11891e1c403ca4e7b6d66785ff41c0da5db84255deb6135f9f657ae66462071c7bed130c1c26471d3532e495bf39fd233d20f363b501a360427e68e
SSDEEP

3072:XC0TEBVQgm1doR32317QpwdsyQ7GlbxP8IvNBHhPR:EqdoN2lMpwdsfMRvNxP

Score

10^/10

rat ms14 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ms14

Decoy

adjoinstaff.online

kmmdznky.cfd

keyviewgroup.com

kidomarketing.com

jroxtqpq.cfd

jdevmx.com

genqaagz.cfd

1cdpwp.cfd

francegoldvip.com

2qy218.xyz

peterscanner.com

trullys.com

aniwatch.top

windyhillcnc.com

pokazhu.com

r74jsy.cfd

paulgadgets.com

lindanewtee.com

lasik-de-de-8808230.zone

critone.site

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2840-68-0x0000000000400000-0x0000000001462000-memory.dmp

Files

2840-68-0x0000000000400000-0x0000000001462000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 179KB

.text
Size: 180KB - Virtual size: 179KB