Extracted

• • Target

    3e6cb6a5af5ecb01dbd56fe6c33a22ea_JaffaCakes118

  • Size

    440KB

  • MD5

    3e6cb6a5af5ecb01dbd56fe6c33a22ea

  • SHA1

    e3404f90c9e5599d32707ea9ec2cf28b425ca09d

  • SHA256

    a84082ae91276ae65520f597253a8b7c1d0756bd0818ba4f50a986b716fa356a

  • SHA512

    2a2b8eb22b46fb3e527cf0ac73d419da4d45f09f15e8b74b3d0a5b7640e7a26da8bb1b409984975c40d6a0936b4bb11ad0aef510c6b4ccc2f40ba6938f25659b

  • SSDEEP

    6144:4Ik+g+ykKrPe+SNbvEMdJJ+iYieQi2COv8XmTjkLm8nfsxF7wjimU9:4P9BDSNb9+iYZQD82vkLnfOOim

  Score

  10^/10

  formbookzgrath318agilenetratspywarestealertrojan

  • Detect ZGRat V1

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Formbook payload

    rat

  • Obfuscated with Agile.Net obfuscator

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet

  • Suspicious use of SetThreadContext

  behavioral1behavioral2