formbook | JaffaCakes118_82546b728b33a23d8e2c72917c32a591f49d2ffccb7488dc6f2501f86472767f

General

Target

JaffaCakes118_82546b728b33a23d8e2c72917c32a591f49d2ffccb7488dc6f2501f86472767f
Size

188KB
MD5

aad7962a7d82a52c64a6d9c0a4b7f563
SHA1

d12da05acaa7012e7160017936dab233ac280460
SHA256

82546b728b33a23d8e2c72917c32a591f49d2ffccb7488dc6f2501f86472767f
SHA512

0e21f43ec99363ce04e3bf1af5021d9c0ea6cc49c8f48b25965c6a1b324f8bdd769c1fee8988b66fb6c7cc48e6312d0ab6fc89018245d7453b12df097e42f7c2
SSDEEP

3072:UxGFVeJnWyzQNcWnhum0pW0JeYYaT++yKGhOazHvuo/AGm47PAQo81:OGFEWc030xfK+jWOaz4i7PAE

Score

10^/10

rat uird formbook

Malware Config

Extracted

Family

formbook

Campaign

uird

Decoy

TlcuHu8rSVHCl8dEhw==

Z8eO99AIVtoGxGRAkg==

PaaZdt5sWJ2Fx8ZDhw==

hP9PRiY6iQl8hKx4nm+T

l2vRshx/7Q==

R7p958H+ZVkAp2wniQ==

HgjKvYOuCbWyc00xkA==

06cBeEZ072pjITrvlzZj2A==

b3FCFO4WVxByYWgbAM3vdYQMpsLLI3A+

yRGHdDlo36DrpJkd+MP5PAaftw==

5duWi1d/86QXFSGhHvQdjJZYw9FQ

F+LNwJ7SG40M0n0c+sb5PAaftw==

YeGzMwcgjEEousZ/5sX4PAaftw==

ZNerCOcKVwH19rVRYsAvZUA=

whJrTyE/uWfEyISFjm0=

dVUnA9EKBAf6uGA=

wK6DX0p+x4M0yMM1

DZv65LbiQLMKD9TJlWuO

yrEahmGCuRsS5Bnddws5wQ==

GoVj2q7O5NfZ2g==

Signatures

Formbook family
formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_82546b728b33a23d8e2c72917c32a591f49d2ffccb7488dc6f2501f86472767f

Files

JaffaCakes118_82546b728b33a23d8e2c72917c32a591f49d2ffccb7488dc6f2501f86472767f
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB