Extracted

• • Target

    5178170c45e0851784f91baa348dd124_JaffaCakes118

  • Size

    442KB

  • MD5

    5178170c45e0851784f91baa348dd124

  • SHA1

    c1c0915d5cdb519f6074e46db952640895138db5

  • SHA256

    2d7ef6ddf7ca1a79d33c27c775e91d44d961a8a0b2d994e9ee9739be164c5402

  • SHA512

    8f7a3d1399b4da6077f08930b522d9cfd9054d11da126dcf2436f449e0250dedba6a8560ed0431a51c1eecf8ae25482b62d1484f879df9230bc6875336ad3d86

  • SSDEEP

    6144:OWJQvbUov+9n6ZiYj0j2DwsCOv8XmTjkLm8nfsxF7wjimM:YA9nYw+wc82vkLnfOOim

  Score

  10^/10

  formbookh321agilenetratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook payload

    rat

  • Obfuscated with Agile.Net obfuscator

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet

  • Suspicious use of SetThreadContext

  behavioral1behavioral2