formbook | JaffaCakes118_cfaefb7e8b636c7e6675da68cc0a752196ddaa9397a1ad86194236f54a55cda8

General

Target

JaffaCakes118_cfaefb7e8b636c7e6675da68cc0a752196ddaa9397a1ad86194236f54a55cda8
Size

188KB
MD5

145a31ee021811ad40e468bd3f38b035
SHA1

4be1a4230fa7db3a1b96bf85566d15dd37deaa10
SHA256

cfaefb7e8b636c7e6675da68cc0a752196ddaa9397a1ad86194236f54a55cda8
SHA512

9363e151971bfc4ed589500c718dc8b7db83613f48b7b231feeabb77859255df503ac31e8eff631cc1f4899edd54de799501ddf5283bcdcaf4277061fbd1dc38
SSDEEP

3072:J57fMwH2rfOYw7L1mn6sWJ3YD2nPgYRO2yRcos/tPVBY1JMVJLkYs8kDvMEab:Jl9H0Wfe6LbPgeOBRcos/tPzY1JRJ8k

Score

10^/10

rat henz formbook

Malware Config

Extracted

Family

formbook

Campaign

henz

Decoy

IxWMb+jVsoinShuZJzk=

TPfKgQZ//oGnKr/J

EsK0WxD5kY65XOW1Td/5CxSUpCUytR7M

KebSmiCP9p8yUw==

HAt/ljkEuqMLHOLCi53Pv8MKX9qk

CY4ogZTwJc4vSw==

WWDIx5UYUDyepntE0YIAPca3/rI=

+Pkr01Lfb2rME7bL

S5nyK0p8jS2xdwQ=

W/oqvlO57LfkLcLHnQ==

zrrwtqkTLwxulm4l8FGopw==

AqucYext8bzFbOKthIm8E6gfVkUHxKY=

OfnjeDs78+RTcz4OHRl+

XKf1wwpZR5hLLjHgmUGOpQ==

JMyhSLoJPTCwn5o9zX2d8i1+

Wk54MBsDhWSVbnIRkQ==

7aaYR/tOhh9piTw5/KHSRwuK2iqgafw7pQ==

hH/EYxN+jC2xdwQ=

S0F4ORqDjS2xdwQ=

0o/UwXnuJ+sJp0cOHRl+

Signatures

Formbook family
formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_cfaefb7e8b636c7e6675da68cc0a752196ddaa9397a1ad86194236f54a55cda8

Files

JaffaCakes118_cfaefb7e8b636c7e6675da68cc0a752196ddaa9397a1ad86194236f54a55cda8
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB