formbook | JaffaCakes118_508b2dc7aad52f51d34bbcbd6d4e80761c6f4189db6c052f138afa1f7a9e9300

General

Target

JaffaCakes118_508b2dc7aad52f51d34bbcbd6d4e80761c6f4189db6c052f138afa1f7a9e9300
Size

188KB
MD5

57c2edbbc84246903c7d74ca868056f4
SHA1

8b8b492c481ccb21645dda2a046d5610ae1c3f01
SHA256

508b2dc7aad52f51d34bbcbd6d4e80761c6f4189db6c052f138afa1f7a9e9300
SHA512

9bc7abc6db48cafc7a09c845b278d1d4084985bed9405c7eeda28bcca1308d637e3a7c7bce2e067653f2b5d88105a048021fd7e04e83ba5e9ffa7479864743c8
SSDEEP

3072:bpME1PitFpB6/dzHAWcb7bwQnNrB4fFUCgoJIBfUd8MBG7QmbBl4:bKeitZaHybXNrW9UdoJIBfU2PJb

Score

10^/10

rat hgxg formbook

Malware Config

Extracted

Family

formbook

Campaign

hgxg

Decoy

Bo23+7jNwA9VLw6f3+Kfnw==

LwWA7amoqxY6n4IvKINE

l152/Ggx9F0u6y0=

nS0OOjvf2dE4JsOAyA==

G7UL/XGBdvFglNmKBHHPEEkm

kW3BAi1gCwthWvKW0Q==

IrULA45bFPRZGWE9aiJM

OQ6C35hyKY/zr4Ic6NW/T3E7

xcoiOCRd+NMjUsDgH9Brdt0=

dS9YoWsinUwq8z9fnJrKRFw1fQ==

m6cHSyAhHYi9YD3pVgNab98=

HrgXB4hNGgmef+EHwA==

KRtNSSCHcHPEYUnw3ejxNl0yYg==

A7HpIgPSh/EkRJMl49a/T3E7

DM0rRMp1MCJzJcCy2ac=

4ckoT1eraFGIpQc+s9KSlQ==

eP0tFn8s44V5JsOAyA==

vbrw6vxDC2Os0jVdjmofKkbbQHk=

XPVmgO7Oy5d6MXqZENT6SXBNR8UfTqA=

Ts8UKoN2VlEyBK3M

Signatures

Formbook family
formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_508b2dc7aad52f51d34bbcbd6d4e80761c6f4189db6c052f138afa1f7a9e9300

Files

JaffaCakes118_508b2dc7aad52f51d34bbcbd6d4e80761c6f4189db6c052f138afa1f7a9e9300
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB