Behavioral task
behavioral1
Sample
JaffaCakes118_037d200f2e5203637a070fedc016235a3c5c1b35e357f959e9b78f28365ba0ed.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
JaffaCakes118_037d200f2e5203637a070fedc016235a3c5c1b35e357f959e9b78f28365ba0ed.exe
Resource
win10v2004-20241007-en
General
-
Target
JaffaCakes118_037d200f2e5203637a070fedc016235a3c5c1b35e357f959e9b78f28365ba0ed
-
Size
188KB
-
MD5
12a17862e6512ce44fc012cc5ea52a7c
-
SHA1
0de2e0b4b72896b70a733254ea235955b11be414
-
SHA256
037d200f2e5203637a070fedc016235a3c5c1b35e357f959e9b78f28365ba0ed
-
SHA512
1bd595ab7d06e59c931790818c24a985569e5e3e377efe5090c198cdb4b5799bc79aa45d6dc319f0668549ce918199410d58d21aae5c996ff3630949befdd732
-
SSDEEP
3072:IiorfXLXyroMMfVjSsxWw77176Ty2guVwhVv/tz5S0U9nqTrD4X37L:5oaniV2sNBUyjuWhVvFz5SN9nKD47L
Malware Config
Extracted
formbook
inai
mg-portal.online
Signatures
-
Formbook family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource JaffaCakes118_037d200f2e5203637a070fedc016235a3c5c1b35e357f959e9b78f28365ba0ed
Files
-
JaffaCakes118_037d200f2e5203637a070fedc016235a3c5c1b35e357f959e9b78f28365ba0ed.exe windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 180KB - Virtual size: 180KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ