formbook | JaffaCakes118_a32d64ca81ad52398bcf78d5772f00ae0d1786e16fd433c3b34e99b719c20f78

General

Target

JaffaCakes118_a32d64ca81ad52398bcf78d5772f00ae0d1786e16fd433c3b34e99b719c20f78
Size

188KB
MD5

087b9c961e432a56be6c734710016e10
SHA1

b577ca46e861ac32c8f7cfcc1ea8e84cc787ea8f
SHA256

a32d64ca81ad52398bcf78d5772f00ae0d1786e16fd433c3b34e99b719c20f78
SHA512

70c9ff92f4d8b7cfe414b365844e77c6d020d71f1664c56d7fb5f84f9e1255232a98a9cedbcbb87a85699a4de36c745268aed3ece8716ed6b40126eadd1776ec
SSDEEP

3072:fZavUqUs4EeuYtWh2kiz26kiYOD9fhbrEq+M5E/uSQ5SSA/AI/xm:cUqBeuYg2ubJA5bYqIuSQQSA/d

Score

10^/10

rat douy formbook

Malware Config

Extracted

Family

formbook

Campaign

douy

Decoy

q/gE5cI3rDQ=

mWCSTU/0Qg0y2LI=

Ozoj90916XZyH/FO1eCN0FbH3B8AxgG7Ew==

g5GYftfE/MwWgYzxjKuH

vYfWrnDlWBLBYqeE

Ovww28VyrH1wHcha2A==

lqgaxrprk2qvYslb2g==

oELEK3LYUxWCa7iY1pVWxhBaQQ==

8Qp7H/31ZmEJzbA=

v1ZJvbrbN8Csuid/4vRrXKLjDoB3PQa5

ZCbNYcXjHpvlbrKO

9LL1wbJRw4QPGFwyQxePqS2ZaO3T1Q==

H9oCe3eR/b6yh8lO07snFpmfgI0=

+9aXS875O7eqViZPlo47yhxnSw==

eTqN+HUSjk3lbrKO

xDCvt/BcVjCQ

+5yHTtcBR9bcr/Ok2xfBCw==

up7eiFXqd0blbrKO

tIDEiHde4YZeHcha2A==

CNDqbko6tnpqHcha2A==

Signatures

Formbook family
formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_a32d64ca81ad52398bcf78d5772f00ae0d1786e16fd433c3b34e99b719c20f78

Files

JaffaCakes118_a32d64ca81ad52398bcf78d5772f00ae0d1786e16fd433c3b34e99b719c20f78
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 181KB - Virtual size: 180KB

.text
Size: 181KB - Virtual size: 180KB