formbook | JaffaCakes118_2d5f2e193a6ae5e0ba967f5d76273a8223626f007c4a6abbde19d172ad433b87

General

Target

JaffaCakes118_2d5f2e193a6ae5e0ba967f5d76273a8223626f007c4a6abbde19d172ad433b87
Size

188KB
MD5

319fe9b52ed614233f94ee79464f82a4
SHA1

b7faf3c57b6eef239220ccb385b9578c97e76d73
SHA256

2d5f2e193a6ae5e0ba967f5d76273a8223626f007c4a6abbde19d172ad433b87
SHA512

2c32aaefbc2d7b8ad00f50ba3a294b08a2e1d4a4f7b8a4e2f69bf3f95f5655d2d13ab811923e749db56db58bbd9feef63bea6a1eb34740d39399fd70dc3e3a34
SSDEEP

3072:u44SKU49mW0MN1xJGX2Vttp6sWy9YHRZZxdnXcIInKm2810Uq6CyKynsJhh:u2KzB0iYA6guDxFX9InKm2g0p1yUz

Score

10^/10

rat go5o formbook

Malware Config

Extracted

Family

formbook

Campaign

go5o

Decoy

fS9ce6bj/U7J6Q==

KPSUZUVU42J3IaXPjqsA

cDR9Sz1n2BN9eTutNa2QNg==

POJskuyBUqUdVp2wiI8=

t9gcQ5yNydIfrO4=

9oakDnoh0VXC

o2Z9n/2iYtDFcJ2wiI8=

GLBJZsgVkt3eXZragNJjYiGQ

axuNlck5BkA8plrI

khk2/+G5g43K

Fauoa7FQG6EN2QyITg==

fgaVrOb4mLl1KGNUX6jkXCU=

HQkML53cm6Ae+zIhRg==

TBodPq4E4AJylpZiNa2QNg==

wHghSq49EVU54E8mChOvRi5W3cn3ItLVVw==

rET2JY8u+TgVpzRtRF54Kw==

b0mCXc5pcXHZ9A==

QfuIoOgHl9IfrO4=

87fV+WQT5IKlSnTqmb6SbSMctA==

E+Yg8EqQKJi9XJKVqrA2i9TO78H53I97

Signatures

Formbook family
formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_2d5f2e193a6ae5e0ba967f5d76273a8223626f007c4a6abbde19d172ad433b87

Files

JaffaCakes118_2d5f2e193a6ae5e0ba967f5d76273a8223626f007c4a6abbde19d172ad433b87
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB