formbook | JaffaCakes118_9c6f4c900e9bbc9767eb249752ee268464f9bcb43a9b97775481330325d69fdc

General

Target

JaffaCakes118_9c6f4c900e9bbc9767eb249752ee268464f9bcb43a9b97775481330325d69fdc
Size

188KB
MD5

9d9488a3dbd032d0ab21f05dc16f662d
SHA1

807b7d2679d754394518ef322b54fe4aa85ace82
SHA256

9c6f4c900e9bbc9767eb249752ee268464f9bcb43a9b97775481330325d69fdc
SHA512

7c867a4ab449fd63aefbe05b95f54ef920d4488cb18973448f23d945bb0867274e4418cc150fa2abccfa01e4b4bebfb5d7d6b7afb2e152186e1b24901eef20e9
SSDEEP

3072:GlDGNxn8uL5dNWd0fCq5E2oNLpkvC88UaalZditiC7Bde4R0YsDg:GlAx39dU073olpGBa0ZditiMAg

Score

10^/10

rat bi0n formbook

Malware Config

Extracted

Family

formbook

Campaign

bi0n

Decoy

3KYw9ovswPHR8QjRyDcR1P46YXc=

/i8gGNAsn2I4VHkv7E44xdsQ

0oYE4IF6u2qKez0TkX0VsLfQKmrUvA==

0nUgH3O7ILSf55sR

B8eQnZvxZq0i

35ZK/5/4VQ/51I0u6044xdsQ

LEkzAqEVlUvz3KShj/I=

FuRY/gTKCbaGD8B4r+CF

WAx3RjCdHNeoyqShj/I=

G9OonMc0ee4OO10=

pVnKruS9wrUShKiD+mxBETGimk6j2w6sbA==

Ek0YsB98EYYQ34QJxDAMpNEJ

Pf3g1xANKHVWtJipZo8tOpc=

avm1BbiAitY/XGkG

AL1jTUvMB9LU8JUx7U44xdsQ

9rY39HDHSAvJ3wT5a5h0NXS4FX8=

uNfEhR+jBsooG0Q=

z4kkKTW4P6VO8hXISnhTWQ==

yU0Km8lo11zmnlU=

FL1xdvfWE7Z172AKWeU=

Signatures

Formbook family
formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_9c6f4c900e9bbc9767eb249752ee268464f9bcb43a9b97775481330325d69fdc

Files

JaffaCakes118_9c6f4c900e9bbc9767eb249752ee268464f9bcb43a9b97775481330325d69fdc
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 181KB - Virtual size: 180KB

.text
Size: 181KB - Virtual size: 180KB