formbook | JaffaCakes118_266b0a90be43765ddd1388d6349e88bbf35ce741b4ba117889a630060e95c357

General

Target

JaffaCakes118_266b0a90be43765ddd1388d6349e88bbf35ce741b4ba117889a630060e95c357
Size

168KB
MD5

19c9f39493acb7c6fdf0bb6f280000c2
SHA1

a274d466abde971c408ac24716eb74e3ec4c0fe5
SHA256

266b0a90be43765ddd1388d6349e88bbf35ce741b4ba117889a630060e95c357
SHA512

aaa0f1ca54965b3f04d9bd7820b6381c65664089ae1a88d29eec7f44a9b59c341c3d118cefea2501a38e202fb210b599b93a33beedaa90a4a63ad481d1e87d05
SSDEEP

3072:Du5BDPxFKVf8QJpinnEbziNzC6+6YGSpaoNz1A4QOV+V2n0AeO:M78kn9zj+6BS/N5A4DZn0Ax

Score

10^/10

rat zc9 formbook

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

zc9

Decoy

jncnsbc.net

joserodriguezmedinaehijos.seat

hirasyour-onestoptailor.net

ratch328.com

monroauto.com

tropicservicesoffer.com

dubaiangels-mail.net

brookerenee.com

service-support.business

softvikram.com

shuyabaojie.com

peiqilai.com

depart.ltd

srtextilesonline.com

li-h.net

lawssales.com

middlestream2014.com

tribemarketer.com

leaawards.com

fztzlc.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_266b0a90be43765ddd1388d6349e88bbf35ce741b4ba117889a630060e95c357

Files

JaffaCakes118_266b0a90be43765ddd1388d6349e88bbf35ce741b4ba117889a630060e95c357
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 163KB - Virtual size: 163KB

.text
Size: 163KB - Virtual size: 163KB