formbook | JaffaCakes118_349ce1bd4da04c04f7288031ff263eb2e89478ae08754f61a5c6649a7a3831e8

General

Target

JaffaCakes118_349ce1bd4da04c04f7288031ff263eb2e89478ae08754f61a5c6649a7a3831e8
Size

188KB
MD5

7b288a9d90fe4128486d18422b5dc242
SHA1

678cc8a1136628a9921e87f181b90f6cd56d7ff0
SHA256

349ce1bd4da04c04f7288031ff263eb2e89478ae08754f61a5c6649a7a3831e8
SHA512

87a361d42dbe2b9b36aca18632bb1d2a071597de35a15dcfe3560a134c714c067e9f7a62977b1d2fc8bf15d2abc3d3fd7d98eb88b260f9a41bf9dce112aa1c00
SSDEEP

3072:qAnY5MUgN971NW+KVwiiqBoFlGFyI3Bmqo1Iogd4KHfEuBv/G33RS36gtD:qBWj1rCfuFMMGFoWzd4K8uv/Gnjgt

Score

10^/10

rat d6iz formbook

Malware Config

Extracted

Family

formbook

Campaign

d6iz

Decoy

FkA/Rc+zw+0paU+GEiQh+g==

u54Xp6nujzFowU4P

EOvDCsjIcMgdORQ=

AuwHDKo90fNowU4P

pgyJWSAeSn6PEafn3w==

3uX1Rw+ed9vrNQ==

jF5ap2Dv9C1PwGrd2Q==

HO748Nunv9ftKA==

Y3nTdCLF3gspa0+HEiQh+g==

sTcJEshxAzXL5wGzPaA=

E/w4u2Vb6henwGrd2Q==

HyiDPgQFmbk/EuMX3D7NrWLX0XU=

E2QDkA/Sapg7+GJV8ULKrGLX0XU=

OSgyD3k1WHd+8vQc48OmEfvTww==

AVwcD5BnNY6o588P2A==

OghAuUYpwNlqf3CtJsAyRL5h

qQbNBg5d+StQ22hVZXWVOK0=

/+bLGhaIK8gdORQ=

2EwZLB/UCA4=

he9L+LfD0TAFfsIA0Q==

Signatures

Formbook family
formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_349ce1bd4da04c04f7288031ff263eb2e89478ae08754f61a5c6649a7a3831e8

Files

JaffaCakes118_349ce1bd4da04c04f7288031ff263eb2e89478ae08754f61a5c6649a7a3831e8
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB