formbook | JaffaCakes118_80b6d9c401d946dafa07daa948247a446544bc9ef0631084eaac50d42e0ff890

General

Target

JaffaCakes118_80b6d9c401d946dafa07daa948247a446544bc9ef0631084eaac50d42e0ff890
Size

188KB
MD5

22d900d1ee519624b1a5d69864c193d0
SHA1

18b1777fd3638f89c44b628da7d8528892931783
SHA256

80b6d9c401d946dafa07daa948247a446544bc9ef0631084eaac50d42e0ff890
SHA512

750ba9cc1be0eb52ecc1aaa2fc35dc57cedd30f5df49bb7d155e39650b0e4006b4246492dbd62763c794d4a95c5fa8322c3dc8a107b70ab9f44e3495dd3fa823
SSDEEP

3072:xbR+VogY3na8tFBUyDQyzT6sWq/In65+m7uDzqV9aFsvnAIHNM8t50WBxK/Zvj:dRtt/F6wDsmKDmmFsvnZM8IgUB

Score

10^/10

rat wzm0 formbook

Malware Config

Extracted

Family

formbook

Campaign

wzm0

Decoy

N/JT7H4noNlLX1doSwJMBTQIp3xSJiMy

6OFR7nA/Irk7KsC5CaXFqJhM8diJjdXf4A==

1E+rStTEXWwnp3Q4q9A=

TP1bARPMPQl1WtzN

ArcWsLbGZXFWe+3P

WjqcQPIDzi1rOO3S

iQQ2yWUV3oMV/ZmaFFGou5DuVc3BTJs=

iqKw0X8j1FlWe+3P

Zd8KkH9wKWdWe+3P

WtkAY+O1XAQmsudOJaQg0H4=

5cAk33Qgn81WDCLa

I7RE48+vKzxcmZuRdQlBtTyegA==

GrMj8P7ORboGi5viIw==

lUqhOVcRkM/AbehHGNknD7FojYcj

8W2dMCjt9jRd

8nmpM0Hijr2PPXHkUGuaUB59HM3BTJs=

kek93nkdL6cnVA==

/rTmauCvZgoS1VziXg8T

TZyxQsPDhshxQurJFcoVxOTF

iRNK2FRO8BbCLTCjETt/Wkbk4Zop

Signatures

Formbook family
formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_80b6d9c401d946dafa07daa948247a446544bc9ef0631084eaac50d42e0ff890

Files

JaffaCakes118_80b6d9c401d946dafa07daa948247a446544bc9ef0631084eaac50d42e0ff890
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB