formbook | JaffaCakes118_4bcd5258fe88ad812d96d6f36400d6064cae1118d93b4510f0aeca0beaea567b

General

Target

JaffaCakes118_4bcd5258fe88ad812d96d6f36400d6064cae1118d93b4510f0aeca0beaea567b
Size

172KB
MD5

7070e757ff9dd55c5a55a9fecb6fb443
SHA1

463e9b470fcfdaaf761e10e56872ea2a348596ed
SHA256

4bcd5258fe88ad812d96d6f36400d6064cae1118d93b4510f0aeca0beaea567b
SHA512

ec5d175547381b96973b496efe946f1db1002d94e5ae44bbcca697df5d9c1bed5ef0bf23a9bea911c86d89e9ad7cbb114a1fc3be495fc4afb34c874033e385a0
SSDEEP

3072:xJWlXc1prTNoNtyWSmRCvyCSWd+jFiCno3k2PlhvCzjZBN:6lXczTCNtBRCq5DjZnik2P/vCzNj

Score

10^/10

rat jem9 formbook

Malware Config

Extracted

Family

formbook

Campaign

jem9

Decoy

c+xLYhX8bZYp

P0nqzkPbiphttTfITK3IJjsNta2FsUJW

ZBW7gt9dEN6l7be1+L8K

dXhyCEzHjDYtAvcDlHuHx+yJoZajrw==

vglF/mPpsE/iFo/KHe6Brfmr

fGVO1nRGSEQmaSlU1u8=

amo59DnVrYGapit5mPA=

sTxSykj46c2a7mv7XY+pH0lD/R3RuA==

jpE0xPJu3qSBOg==

j8nWAEAoN0ze0X588g==

QRwPXbKWn6iP1lHnJ8rsRIM=

ToSlzgnhx7aa5lvrC6/icA==

fv1lCT4a3qSBOg==

eHR1tfrh2s05Bre1+L8K

Is0XhtdpL+qYGhVrzPg=

vrRYQouBdTLXZn4+dFp76wiFoZajrw==

S8/mZum7uaMVEsNMSuAC

/WJ672YhFuu3DMu1+Jmo/xqj

f68UFVL8bZYp

UEQyZYI1IBL3O8JMSuAC

Signatures

Formbook family
formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_4bcd5258fe88ad812d96d6f36400d6064cae1118d93b4510f0aeca0beaea567b

Files

JaffaCakes118_4bcd5258fe88ad812d96d6f36400d6064cae1118d93b4510f0aeca0beaea567b
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 167KB - Virtual size: 167KB

.text
Size: 167KB - Virtual size: 167KB