formbook | JaffaCakes118_6d4abafcc3765e247ebdb5ac132d7e6694e0f5dc1e6bac17ae8e8a6cc09c82d6

General

Target

JaffaCakes118_6d4abafcc3765e247ebdb5ac132d7e6694e0f5dc1e6bac17ae8e8a6cc09c82d6
Size

188KB
MD5

9666008343e8ae2cb5a6d5544992f3be
SHA1

f4832720527c1d88a8c03bb2f7fc292ef7f170c6
SHA256

6d4abafcc3765e247ebdb5ac132d7e6694e0f5dc1e6bac17ae8e8a6cc09c82d6
SHA512

c27e73a6af30418421d1f621d799f573399e977633e6f3733815e50318a12d386bf29beab9e450dbb89a3cf150aaa4704499698c76be82abcf088020e85645f1
SSDEEP

3072:yztG97Y2bQJmkCe8PMgNgWAx7RtrI2Iw/Gycu1DvYpzflfaRWJiB3FZSkNmY:yztalUolN2582feycu1D+flql3FL

Score

10^/10

rat s2h0 formbook

Malware Config

Extracted

Family

formbook

Campaign

s2h0

Decoy

aPAdsgRiM5x/yL/X5cm0VzOos18VCw==

dSikZMo3DX9YnT+x5r59

MuZXDW3373RVmozB4qxFB4TP

etxRTtBOmdLv9Ji3bO4a6w==

cV0TtnwKShHy

sMCRJpM3pLEzQGF7OA==

8/z1y5az+w6oJEvAnYJg

yStNFwgJB8qEsJ63zrBFB4TP

cTzYzR2KJdPl

XmERsrbQFFc8I6TW3/oJz61Zs18VCw==

kRd/feIxF5FObwVf1+Y=

OKPBaPCEyH0oM6Hn7oMSUso=

CgmzVibsv66DWPAUrXU4U8I=

sS1SCHE+uG6FD0TAnYJg

+KVTMo4N6VwErccB

lMaVXfE6YN3aeg==

YdgFnvPAI1QPrdAn34YUY8Gohu68JYOv

KzcRJLlCQHwbpOQqYoCB+Bp7yA==

wbtcD0JabN3m

vNfSa+yFzotDbAVf1+Y=

Signatures

Formbook family
formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_6d4abafcc3765e247ebdb5ac132d7e6694e0f5dc1e6bac17ae8e8a6cc09c82d6

Files

JaffaCakes118_6d4abafcc3765e247ebdb5ac132d7e6694e0f5dc1e6bac17ae8e8a6cc09c82d6
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB