formbook | JaffaCakes118_f523ca89c4799e0d36e4ffc8b619b2819796770cb123c1b56ceb47e31687b7b8

General

Target

JaffaCakes118_f523ca89c4799e0d36e4ffc8b619b2819796770cb123c1b56ceb47e31687b7b8
Size

172KB
MD5

1b639e2ebfbf0f40d04cadc4a2fd8e09
SHA1

1d5cc35fe75d11d65dcd61f08ccd1eaf8857120e
SHA256

f523ca89c4799e0d36e4ffc8b619b2819796770cb123c1b56ceb47e31687b7b8
SHA512

e182acaafb7ba3575eed167a4cb2948a960ce82ad5e2b9fb68535ef7cc60a16697c111137ff8f3a0438eb7f68751106ec77dd21f2407fac95d0c2f666920d6c9
SSDEEP

3072:R2EfC/g4mjtyWZvxOhjAyHtm5uDbeEAYbCstayfPjyJy8o0Uzj:RvC4ZjtBxONDtm8aEAYbjHfbYyj

Score

10^/10

rat hqbo formbook

Malware Config

Extracted

Family

formbook

Campaign

hqbo

Decoy

mwc6l86PJPZCD9Gt0q391w==

h8WuFPEOFmGLG1Q=

7dt6icaDMSJXNKQRxmsc

VCPQuBGfPDQ74U/hUBcSJRSrwF0=

wespuyTDPCBIysXwj4/23w==

qJYwD3wmybIoqYGP6GoU

N9H9UYIs27f3w+D5j4/23w==

ZDeOOF0sDqq2x+jq

jAZ9j/SZVUuJTK4Rxmsc

syg3zEQb0sUwxTTi

0F23IFLzE2AL2twRDObSkE8=

dpC9Ta1LZLCPptrveCsXkYeT

Z3uaQFxP3gc89j71

e5i3FoJZ48LqdoGXXA==

KIuwBF4KZnpdVw==

oCqfe+J14bIwxTTi

ICIFWLyScNx5Ug==

d/sqxzgYSyaNJVU=

2/UghriHtprPTURW3595e68NMJLPos4=

pEfdvFgCbU5jImqCXg==

Signatures

Formbook family
formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_f523ca89c4799e0d36e4ffc8b619b2819796770cb123c1b56ceb47e31687b7b8

Files

JaffaCakes118_f523ca89c4799e0d36e4ffc8b619b2819796770cb123c1b56ceb47e31687b7b8
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 167KB - Virtual size: 167KB

.text
Size: 167KB - Virtual size: 167KB