formbook | JaffaCakes118_8d38d6119e99aac3a8777420668b4e69d8ac03a9f3224207cf25e26e2cf7d731

General

Target

JaffaCakes118_8d38d6119e99aac3a8777420668b4e69d8ac03a9f3224207cf25e26e2cf7d731
Size

188KB
MD5

375d2d65a036c1b58acc30a58e68cfeb
SHA1

9bf991f18e4d6fbdd9e8ddd63db2cd518d9bc756
SHA256

8d38d6119e99aac3a8777420668b4e69d8ac03a9f3224207cf25e26e2cf7d731
SHA512

cec15185d55258a324bc66ee0ca95c21d9d16f8a620f82350110b31a91ac8ccd671f274e785ccb83db81ce6db94372ac37dbb4dc602ab373e337f02230a08a1f
SSDEEP

3072:dzs49sSRrwmpaBTqJW6sE4VHT6845/fwBziLPoYEswlYxpqJK/:dE+c6Yqfsru8U/o1EPoYNwlYZ

Score

10^/10

rat figc formbook

Malware Config

Extracted

Family

formbook

Campaign

figc

Decoy

47NW9KXrL+jgHgkaH/SBm7e9+eE=

ZiDP2+PQatbRpw==

McLVGasjijBUTSo=

7pCDHTcZBQCyFKFSb/4E

YwIKwvCFzlnbzcNqDNZ3WH77

yFJV/xjTQINSFzg=

HJb3EiH2afruNRSvM8UmOTJszaNv

vpTsJ8xRpExCgnlkzaoM

hUfQlYHe4Qb+DVchQM/mlOM2kjVisoJUMQ==

0URByQED2NCVrO2x5w==

0rjp8oD4ZRKfuI9GPlhwJA==

dxYJqqoonh7bHhMqMNIxXJnL5biDg2uv

N8ICb2IiuRdOx0dgucigiZ0DBA==

xmZ3s1jrZPStPdn5PlhwJA==

UxQyYwqi37V3q59to3PU5ZOZtoEGTcin

SpBGRe06ITs14S8=

spVKc4gldemrMNzf

6IBwrjx2XTs14S8=

FOp6CqjQtLdXT25kzaoM

P/O46RkpqQ8Uvw==

Signatures

Formbook family
formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_8d38d6119e99aac3a8777420668b4e69d8ac03a9f3224207cf25e26e2cf7d731

Files

JaffaCakes118_8d38d6119e99aac3a8777420668b4e69d8ac03a9f3224207cf25e26e2cf7d731
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB