formbook | JaffaCakes118_2a261eae8488cec3d7d14e973034ab4b740796521bc82d0b237317cd8d8d151d

General

Target

JaffaCakes118_2a261eae8488cec3d7d14e973034ab4b740796521bc82d0b237317cd8d8d151d
Size

188KB
MD5

52af005cc7e884df4ca02242d3137eaa
SHA1

f524b36ac43ba10f123f48168bdc1a0ed34b580d
SHA256

2a261eae8488cec3d7d14e973034ab4b740796521bc82d0b237317cd8d8d151d
SHA512

8e7265592894ddb0fe67d832a5a135983c95416d738286c4871b75501641bcab43f9578de384cb3a9dd191a7185be3734a0b2b8af9931c21493536e3547017b7
SSDEEP

3072:J6GemsmpQpwSttWa4SPhANIYYUedCJ/YKURIdamE64FTHQTDGA:5WmiHt7holbeIJ/TgIdamamDG

Score

10^/10

rat tsuz formbook

Malware Config

Extracted

Family

formbook

Campaign

tsuz

Decoy

7xznvXjpgziXgKV2gqDW

v7D1tLx/XXVj4TTJXNA=

Kksd/nV8o/fgptkq+1ql6A==

vJOH8u8W1nXX

iJ+tj7iKjquTOKxx/3r8KiNc63xxRA==

5xTbq0yL85f2O8soEE0aWGxrjA==

b4/knWkfwQCByw==

AnrOservDq83Fw92/GiG7pk9VAzP

o7ULEGiFpFC6VQ15RtI=

pcuYY7Ei2ReJqmM=

kNvNtWa/SQJpV3t4NFw83Ea4URzU

eGmxllMUuHzf

xwWU/I4R3RuT0A==

h4kM4poKqlXK9NCgTs8=

HkWLW5J3hL6vF2MFgsnAa5N5kpHF

u+nKjgM7r0ewzdd2gqDW

XE4s8ioNHndqM2P+krcGi9g=

OoVuNLkVoUGpwd56GXTPATwOJycptRJwdg==

n5cbiNrqOcpcqGw=

1dve5llFRkJ333E=

Signatures

Formbook family
formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_2a261eae8488cec3d7d14e973034ab4b740796521bc82d0b237317cd8d8d151d

Files

JaffaCakes118_2a261eae8488cec3d7d14e973034ab4b740796521bc82d0b237317cd8d8d151d
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 181KB - Virtual size: 180KB

.text
Size: 181KB - Virtual size: 180KB