Extracted

• • Target

    18675bbfe27a96c3e8e535c98abcade3_JaffaCakes118

  • Size

    346KB

  • MD5

    18675bbfe27a96c3e8e535c98abcade3

  • SHA1

    e8b0bba34a3da2e7b66c6a9eb85ef5bcd85b6dd8

  • SHA256

    1b21bf525993b2b88806225746546439bb83c2e14061b96549b97f486fdac241

  • SHA512

    12660d7129bbbf4dbf2fb4b93c13a45e7287b4b095e2a3ac81f264cf35bc93ac1e4efc2781bbb53794ef3431639326b5ddee93e7bf379e833ef74cd0b10ca920

  • SSDEEP

    6144:4aBzukSHPYKBWaBqVQ4JQO8JBCciwfHGgGovnG:B65HSaB8Q4Jt8JfiC/G

  Score

  10^/10

  agilenetformbookyoratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook payload

    rat

  • Obfuscated with Agile.Net obfuscator

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet

  • Suspicious use of SetThreadContext

  behavioral1behavioral2