formbook | JaffaCakes118_b2c0f6a54c2b788f54a834480ba999113a1431ab058742d57db6353180e68d12

General

Target

JaffaCakes118_b2c0f6a54c2b788f54a834480ba999113a1431ab058742d57db6353180e68d12
Size

184KB
MD5

0d8099a6da27e8b2256cefb388ce56e8
SHA1

379cb671a72e36e26bf2cda7a3dcb627ae4a586a
SHA256

b2c0f6a54c2b788f54a834480ba999113a1431ab058742d57db6353180e68d12
SHA512

935a0a42d2f15b4870f2b08dc79edc162781220b1008ae7924cc54a227668ce359b6c3e0d387d044da6bfcc231a31a3daddd7c7c083fe8eb03402c6de720bca9
SSDEEP

3072:bBrYDDjU/T7bUPlFunNgWa77DvlJ0TQUt3puUUG0uhA2yvrr8qzPBNdiZQ:EDj6wuNYTf0M0ZtUG0r2WRLBNAZQ

Score

10^/10

rat dqup formbook

Malware Config

Extracted

Family

formbook

Campaign

dqup

Decoy

RBFKWV5uGrUdf6hN

jGcsTVbthgGRPm1nWzyE

omvIH2jxGd0Sn12CYeAAIvEODy/o

LLuzSX53kGpef9bObGSZ

P7qPqZmVr42VH9LObGSZ

EeWGEWEDxEDd5U1TxRw=

c5/8gdte657s7yo=

kQyJz9WGgKAWCTU=

94EXa2L/gCuXTwVF

QwngPG0f95paVrPd/TEdsg==

AZ0qhZ0icV3HJCS8tw==

tYe83vwj5a8uN3OSZEC+iZW/

aCkNaXAMOwxp+/X+MA9RYTs=

RDOfhwk2ysWuvw==

L79DjZhLdk7AqW/ObGSZ

eAP0idjnAen1II6+8TATqw==

d+/2mB+UWxTV2F4IsdJS5DE=

ZR9aco6xbRNvaehuqA==

zJVFYGnffyUV75T6phA=

yV3K3+jViRAtzJDNQThu0lZp+2FeyA==

Signatures

Formbook family
formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_b2c0f6a54c2b788f54a834480ba999113a1431ab058742d57db6353180e68d12

Files

JaffaCakes118_b2c0f6a54c2b788f54a834480ba999113a1431ab058742d57db6353180e68d12
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 179KB

.text
Size: 180KB - Virtual size: 179KB