formbook | JaffaCakes118_0d139063d149682b14c0ed09cece49b33cb04d88f9fca3608fb7d92ca99d08fb

General

Target

JaffaCakes118_0d139063d149682b14c0ed09cece49b33cb04d88f9fca3608fb7d92ca99d08fb
Size

188KB
MD5

64cad5c3b41140569e181de5099a641d
SHA1

7b6f23d7087ebfccebd5168bdf11f39be865e61d
SHA256

0d139063d149682b14c0ed09cece49b33cb04d88f9fca3608fb7d92ca99d08fb
SHA512

2ab52a2f0be784e50543f4a83cc0a6253afc2ed3db413fd36e4063ffe93ab6a9f126462d46e728888b005701045bf44af4507ea8d89c2b840be2299a121c7709
SSDEEP

3072:B41o1td/cV0wviRixgwxBsxWVybxY/qS8Jp1kdqq5SzNJ3M/8r2bazndTSGs0XZt:B9F2pxswzCS6/kwq5PkCbazdT3HX+K/

Score

10^/10

rat 0nta formbook

Malware Config

Extracted

Family

formbook

Campaign

0nta

Decoy

gbsCquDKPUb+i0Rm

eccFwzyxeEotI8Ul4YIzPg==

bdsn2Sl9Bol+2aFJ6MKrx3NcrN+kLrA=

SLPEtzgs6DQUEdHiW3vibToq

Bl967wbymDrsQ18=

BWvuZozwNlwVYjPGv4hDOw==

L5nwqf9dGOOqwX+MGq2BhkBzz+ne

X6uAMol2Y9eex43gdg4=

0jFwFmPSjKJeT0s=

O3q7eQw18Jxs

R6HrqxiWheCCueVv

K2V+CD6jnKBbVPYHy89ho8I=

YLcAq+U9+uDgOfvdLvzp

kQPCgwDontKJxI3gdg4=

aeIPy0axLpNaaA52M8aGxaNE/Qk=

9T97HXSZjG1l

Nm9n0uvKQ0j+i0Rm

DIKJzOFACPe0LwgytIse0U/TqkgGhA==

Ya+2H09GvMXEEiy/0GLibToq

cruIS/BVRkv8+LjVkzTibToq

Signatures

Formbook family
formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_0d139063d149682b14c0ed09cece49b33cb04d88f9fca3608fb7d92ca99d08fb

Files

JaffaCakes118_0d139063d149682b14c0ed09cece49b33cb04d88f9fca3608fb7d92ca99d08fb
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB