13.0.DpiScaling.exe.72480000.3.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security | |
13.0.DpiScaling.exe.72480000.3.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com | - 0x7808:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x7ba2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x138b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
- 0x133a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
- 0x139b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
- 0x13b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
- 0x85ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
- 0x1261c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
- 0x9332:$sequence_7: 66 89 0C 02 5B 8B E5 5D
- 0x18da7:$sequence_8: 3C 54 74 04 3C 74 75 F4
- 0x19e4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
|
13.0.DpiScaling.exe.72480000.3.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group | - 0x15cd9:$sqlite3step: 68 34 1C 7B E1
- 0x15dec:$sqlite3step: 68 34 1C 7B E1
- 0x15d08:$sqlite3text: 68 38 2A 90 C5
- 0x15e2d:$sqlite3text: 68 38 2A 90 C5
- 0x15d1b:$sqlite3blob: 68 53 D8 7F 8C
- 0x15e43:$sqlite3blob: 68 53 D8 7F 8C
|
22.0.logagent.exe.72480000.3.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security | |
22.0.logagent.exe.72480000.3.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com | - 0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
- 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
- 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
- 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
- 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
- 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
- 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D
- 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4
- 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
|
22.0.logagent.exe.72480000.3.raw.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group | - 0x16ad9:$sqlite3step: 68 34 1C 7B E1
- 0x16bec:$sqlite3step: 68 34 1C 7B E1
- 0x16b08:$sqlite3text: 68 38 2A 90 C5
- 0x16c2d:$sqlite3text: 68 38 2A 90 C5
- 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C
- 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
|
25.0.logagent.exe.72480000.2.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security | |
25.0.logagent.exe.72480000.2.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com | - 0x7808:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x7ba2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x138b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
- 0x133a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
- 0x139b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
- 0x13b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
- 0x85ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
- 0x1261c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
- 0x9332:$sequence_7: 66 89 0C 02 5B 8B E5 5D
- 0x18da7:$sequence_8: 3C 54 74 04 3C 74 75 F4
- 0x19e4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
|
25.0.logagent.exe.72480000.2.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group | - 0x15cd9:$sqlite3step: 68 34 1C 7B E1
- 0x15dec:$sqlite3step: 68 34 1C 7B E1
- 0x15d08:$sqlite3text: 68 38 2A 90 C5
- 0x15e2d:$sqlite3text: 68 38 2A 90 C5
- 0x15d1b:$sqlite3blob: 68 53 D8 7F 8C
- 0x15e43:$sqlite3blob: 68 53 D8 7F 8C
|
22.0.logagent.exe.72480000.2.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security | |
22.0.logagent.exe.72480000.2.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com | - 0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
- 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
- 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
- 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
- 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
- 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
- 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D
- 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4
- 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
|
22.0.logagent.exe.72480000.2.raw.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group | - 0x16ad9:$sqlite3step: 68 34 1C 7B E1
- 0x16bec:$sqlite3step: 68 34 1C 7B E1
- 0x16b08:$sqlite3text: 68 38 2A 90 C5
- 0x16c2d:$sqlite3text: 68 38 2A 90 C5
- 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C
- 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
|
25.2.logagent.exe.72480000.2.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security | |
25.2.logagent.exe.72480000.2.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com | - 0x7808:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x7ba2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x138b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
- 0x133a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
- 0x139b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
- 0x13b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
- 0x85ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
- 0x1261c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
- 0x9332:$sequence_7: 66 89 0C 02 5B 8B E5 5D
- 0x18da7:$sequence_8: 3C 54 74 04 3C 74 75 F4
- 0x19e4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
|
25.2.logagent.exe.72480000.2.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group | - 0x15cd9:$sqlite3step: 68 34 1C 7B E1
- 0x15dec:$sqlite3step: 68 34 1C 7B E1
- 0x15d08:$sqlite3text: 68 38 2A 90 C5
- 0x15e2d:$sqlite3text: 68 38 2A 90 C5
- 0x15d1b:$sqlite3blob: 68 53 D8 7F 8C
- 0x15e43:$sqlite3blob: 68 53 D8 7F 8C
|
13.0.DpiScaling.exe.72480000.2.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security | |
13.0.DpiScaling.exe.72480000.2.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com | - 0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
- 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
- 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
- 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
- 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
- 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
- 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D
- 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4
- 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
|
13.0.DpiScaling.exe.72480000.2.raw.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group | - 0x16ad9:$sqlite3step: 68 34 1C 7B E1
- 0x16bec:$sqlite3step: 68 34 1C 7B E1
- 0x16b08:$sqlite3text: 68 38 2A 90 C5
- 0x16c2d:$sqlite3text: 68 38 2A 90 C5
- 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C
- 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
|
13.0.DpiScaling.exe.72480000.1.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security | |
13.0.DpiScaling.exe.72480000.1.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com | - 0x7808:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x7ba2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x138b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
- 0x133a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
- 0x139b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
- 0x13b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
- 0x85ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
- 0x1261c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
- 0x9332:$sequence_7: 66 89 0C 02 5B 8B E5 5D
- 0x18da7:$sequence_8: 3C 54 74 04 3C 74 75 F4
- 0x19e4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
|
13.0.DpiScaling.exe.72480000.1.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group | - 0x15cd9:$sqlite3step: 68 34 1C 7B E1
- 0x15dec:$sqlite3step: 68 34 1C 7B E1
- 0x15d08:$sqlite3text: 68 38 2A 90 C5
- 0x15e2d:$sqlite3text: 68 38 2A 90 C5
- 0x15d1b:$sqlite3blob: 68 53 D8 7F 8C
- 0x15e43:$sqlite3blob: 68 53 D8 7F 8C
|
13.0.DpiScaling.exe.72480000.0.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security | |
13.0.DpiScaling.exe.72480000.0.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com | - 0x7808:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x7ba2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x138b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
- 0x133a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
- 0x139b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
- 0x13b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
- 0x85ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
- 0x1261c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
- 0x9332:$sequence_7: 66 89 0C 02 5B 8B E5 5D
- 0x18da7:$sequence_8: 3C 54 74 04 3C 74 75 F4
- 0x19e4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
|
13.0.DpiScaling.exe.72480000.0.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group | - 0x15cd9:$sqlite3step: 68 34 1C 7B E1
- 0x15dec:$sqlite3step: 68 34 1C 7B E1
- 0x15d08:$sqlite3text: 68 38 2A 90 C5
- 0x15e2d:$sqlite3text: 68 38 2A 90 C5
- 0x15d1b:$sqlite3blob: 68 53 D8 7F 8C
- 0x15e43:$sqlite3blob: 68 53 D8 7F 8C
|
13.0.DpiScaling.exe.72480000.3.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security | |
13.0.DpiScaling.exe.72480000.3.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com | - 0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
- 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
- 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
- 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
- 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
- 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
- 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D
- 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4
- 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
|
13.0.DpiScaling.exe.72480000.3.raw.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group | - 0x16ad9:$sqlite3step: 68 34 1C 7B E1
- 0x16bec:$sqlite3step: 68 34 1C 7B E1
- 0x16b08:$sqlite3text: 68 38 2A 90 C5
- 0x16c2d:$sqlite3text: 68 38 2A 90 C5
- 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C
- 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
|
13.2.DpiScaling.exe.72480000.3.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security | |
13.2.DpiScaling.exe.72480000.3.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com | - 0x7808:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x7ba2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x138b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
- 0x133a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
- 0x139b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
- 0x13b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
- 0x85ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
- 0x1261c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
- 0x9332:$sequence_7: 66 89 0C 02 5B 8B E5 5D
- 0x18da7:$sequence_8: 3C 54 74 04 3C 74 75 F4
- 0x19e4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
|
13.2.DpiScaling.exe.72480000.3.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group | - 0x15cd9:$sqlite3step: 68 34 1C 7B E1
- 0x15dec:$sqlite3step: 68 34 1C 7B E1
- 0x15d08:$sqlite3text: 68 38 2A 90 C5
- 0x15e2d:$sqlite3text: 68 38 2A 90 C5
- 0x15d1b:$sqlite3blob: 68 53 D8 7F 8C
- 0x15e43:$sqlite3blob: 68 53 D8 7F 8C
|
22.0.logagent.exe.72480000.3.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security | |
22.0.logagent.exe.72480000.3.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com | - 0x7808:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x7ba2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x138b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
- 0x133a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
- 0x139b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
- 0x13b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
- 0x85ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
- 0x1261c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
- 0x9332:$sequence_7: 66 89 0C 02 5B 8B E5 5D
- 0x18da7:$sequence_8: 3C 54 74 04 3C 74 75 F4
- 0x19e4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
|
22.0.logagent.exe.72480000.3.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group | - 0x15cd9:$sqlite3step: 68 34 1C 7B E1
- 0x15dec:$sqlite3step: 68 34 1C 7B E1
- 0x15d08:$sqlite3text: 68 38 2A 90 C5
- 0x15e2d:$sqlite3text: 68 38 2A 90 C5
- 0x15d1b:$sqlite3blob: 68 53 D8 7F 8C
- 0x15e43:$sqlite3blob: 68 53 D8 7F 8C
|
25.0.logagent.exe.72480000.2.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security | |
25.0.logagent.exe.72480000.2.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com | - 0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
- 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
- 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
- 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
- 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
- 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
- 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D
- 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4
- 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
|
25.0.logagent.exe.72480000.2.raw.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group | - 0x16ad9:$sqlite3step: 68 34 1C 7B E1
- 0x16bec:$sqlite3step: 68 34 1C 7B E1
- 0x16b08:$sqlite3text: 68 38 2A 90 C5
- 0x16c2d:$sqlite3text: 68 38 2A 90 C5
- 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C
- 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
|
25.0.logagent.exe.72480000.0.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security | |
25.0.logagent.exe.72480000.0.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com | - 0x7808:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x7ba2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x138b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
- 0x133a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
- 0x139b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
- 0x13b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
- 0x85ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
- 0x1261c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
- 0x9332:$sequence_7: 66 89 0C 02 5B 8B E5 5D
- 0x18da7:$sequence_8: 3C 54 74 04 3C 74 75 F4
- 0x19e4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
|
25.0.logagent.exe.72480000.0.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group | - 0x15cd9:$sqlite3step: 68 34 1C 7B E1
- 0x15dec:$sqlite3step: 68 34 1C 7B E1
- 0x15d08:$sqlite3text: 68 38 2A 90 C5
- 0x15e2d:$sqlite3text: 68 38 2A 90 C5
- 0x15d1b:$sqlite3blob: 68 53 D8 7F 8C
- 0x15e43:$sqlite3blob: 68 53 D8 7F 8C
|
13.0.DpiScaling.exe.72480000.0.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security | |
13.0.DpiScaling.exe.72480000.0.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com | - 0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
- 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
- 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
- 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
- 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
- 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
- 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D
- 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4
- 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
|
13.0.DpiScaling.exe.72480000.0.raw.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group | - 0x16ad9:$sqlite3step: 68 34 1C 7B E1
- 0x16bec:$sqlite3step: 68 34 1C 7B E1
- 0x16b08:$sqlite3text: 68 38 2A 90 C5
- 0x16c2d:$sqlite3text: 68 38 2A 90 C5
- 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C
- 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
|
22.2.logagent.exe.72480000.2.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security | |
22.2.logagent.exe.72480000.2.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com | - 0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
- 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
- 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
- 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
- 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
- 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
- 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D
- 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4
- 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
|
22.2.logagent.exe.72480000.2.raw.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group | - 0x16ad9:$sqlite3step: 68 34 1C 7B E1
- 0x16bec:$sqlite3step: 68 34 1C 7B E1
- 0x16b08:$sqlite3text: 68 38 2A 90 C5
- 0x16c2d:$sqlite3text: 68 38 2A 90 C5
- 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C
- 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
|
22.2.logagent.exe.72480000.2.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security | |
22.2.logagent.exe.72480000.2.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com | - 0x7808:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x7ba2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x138b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
- 0x133a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
- 0x139b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
- 0x13b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
- 0x85ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
- 0x1261c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
- 0x9332:$sequence_7: 66 89 0C 02 5B 8B E5 5D
- 0x18da7:$sequence_8: 3C 54 74 04 3C 74 75 F4
- 0x19e4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
|
22.2.logagent.exe.72480000.2.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group | - 0x15cd9:$sqlite3step: 68 34 1C 7B E1
- 0x15dec:$sqlite3step: 68 34 1C 7B E1
- 0x15d08:$sqlite3text: 68 38 2A 90 C5
- 0x15e2d:$sqlite3text: 68 38 2A 90 C5
- 0x15d1b:$sqlite3blob: 68 53 D8 7F 8C
- 0x15e43:$sqlite3blob: 68 53 D8 7F 8C
|
25.0.logagent.exe.72480000.3.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security | |
25.0.logagent.exe.72480000.3.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com | - 0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
- 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
- 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
- 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
- 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
- 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
- 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D
- 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4
- 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
|
25.0.logagent.exe.72480000.3.raw.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group | - 0x16ad9:$sqlite3step: 68 34 1C 7B E1
- 0x16bec:$sqlite3step: 68 34 1C 7B E1
- 0x16b08:$sqlite3text: 68 38 2A 90 C5
- 0x16c2d:$sqlite3text: 68 38 2A 90 C5
- 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C
- 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
|
13.0.DpiScaling.exe.72480000.1.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security | |
13.0.DpiScaling.exe.72480000.1.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com | - 0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
- 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
- 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
- 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
- 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
- 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
- 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D
- 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4
- 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
|
13.0.DpiScaling.exe.72480000.1.raw.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group | - 0x16ad9:$sqlite3step: 68 34 1C 7B E1
- 0x16bec:$sqlite3step: 68 34 1C 7B E1
- 0x16b08:$sqlite3text: 68 38 2A 90 C5
- 0x16c2d:$sqlite3text: 68 38 2A 90 C5
- 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C
- 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
|
22.0.logagent.exe.72480000.0.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security | |
22.0.logagent.exe.72480000.0.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com | - 0x7808:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x7ba2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x138b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
- 0x133a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
- 0x139b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
- 0x13b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
- 0x85ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
- 0x1261c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
- 0x9332:$sequence_7: 66 89 0C 02 5B 8B E5 5D
- 0x18da7:$sequence_8: 3C 54 74 04 3C 74 75 F4
- 0x19e4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
|
22.0.logagent.exe.72480000.0.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group | - 0x15cd9:$sqlite3step: 68 34 1C 7B E1
- 0x15dec:$sqlite3step: 68 34 1C 7B E1
- 0x15d08:$sqlite3text: 68 38 2A 90 C5
- 0x15e2d:$sqlite3text: 68 38 2A 90 C5
- 0x15d1b:$sqlite3blob: 68 53 D8 7F 8C
- 0x15e43:$sqlite3blob: 68 53 D8 7F 8C
|
25.0.logagent.exe.72480000.1.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security | |
25.0.logagent.exe.72480000.1.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com | - 0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
- 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
- 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
- 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
- 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
- 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
- 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D
- 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4
- 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
|
25.0.logagent.exe.72480000.1.raw.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group | - 0x16ad9:$sqlite3step: 68 34 1C 7B E1
- 0x16bec:$sqlite3step: 68 34 1C 7B E1
- 0x16b08:$sqlite3text: 68 38 2A 90 C5
- 0x16c2d:$sqlite3text: 68 38 2A 90 C5
- 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C
- 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
|
22.0.logagent.exe.72480000.0.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security | |
22.0.logagent.exe.72480000.0.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com | - 0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
- 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
- 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
- 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
- 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
- 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
- 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D
- 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4
- 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
|
22.0.logagent.exe.72480000.0.raw.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group | - 0x16ad9:$sqlite3step: 68 34 1C 7B E1
- 0x16bec:$sqlite3step: 68 34 1C 7B E1
- 0x16b08:$sqlite3text: 68 38 2A 90 C5
- 0x16c2d:$sqlite3text: 68 38 2A 90 C5
- 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C
- 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
|
22.0.logagent.exe.72480000.2.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security | |
22.0.logagent.exe.72480000.2.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com | - 0x7808:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x7ba2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x138b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
- 0x133a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
- 0x139b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
- 0x13b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
- 0x85ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
- 0x1261c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
- 0x9332:$sequence_7: 66 89 0C 02 5B 8B E5 5D
- 0x18da7:$sequence_8: 3C 54 74 04 3C 74 75 F4
- 0x19e4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
|
22.0.logagent.exe.72480000.2.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group | - 0x15cd9:$sqlite3step: 68 34 1C 7B E1
- 0x15dec:$sqlite3step: 68 34 1C 7B E1
- 0x15d08:$sqlite3text: 68 38 2A 90 C5
- 0x15e2d:$sqlite3text: 68 38 2A 90 C5
- 0x15d1b:$sqlite3blob: 68 53 D8 7F 8C
- 0x15e43:$sqlite3blob: 68 53 D8 7F 8C
|
25.0.logagent.exe.72480000.0.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security | |
25.0.logagent.exe.72480000.0.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com | - 0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
- 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
- 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
- 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
- 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
- 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
- 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D
- 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4
- 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
|
25.0.logagent.exe.72480000.0.raw.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group | - 0x16ad9:$sqlite3step: 68 34 1C 7B E1
- 0x16bec:$sqlite3step: 68 34 1C 7B E1
- 0x16b08:$sqlite3text: 68 38 2A 90 C5
- 0x16c2d:$sqlite3text: 68 38 2A 90 C5
- 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C
- 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
|
22.0.logagent.exe.72480000.1.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security | |
22.0.logagent.exe.72480000.1.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com | - 0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
- 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
- 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
- 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
- 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
- 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
- 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D
- 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4
- 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
|
22.0.logagent.exe.72480000.1.raw.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group | - 0x16ad9:$sqlite3step: 68 34 1C 7B E1
- 0x16bec:$sqlite3step: 68 34 1C 7B E1
- 0x16b08:$sqlite3text: 68 38 2A 90 C5
- 0x16c2d:$sqlite3text: 68 38 2A 90 C5
- 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C
- 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
|
22.0.logagent.exe.72480000.1.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security | |
22.0.logagent.exe.72480000.1.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com | - 0x7808:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x7ba2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x138b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
- 0x133a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
- 0x139b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
- 0x13b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
- 0x85ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
- 0x1261c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
- 0x9332:$sequence_7: 66 89 0C 02 5B 8B E5 5D
- 0x18da7:$sequence_8: 3C 54 74 04 3C 74 75 F4
- 0x19e4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
|
22.0.logagent.exe.72480000.1.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group | - 0x15cd9:$sqlite3step: 68 34 1C 7B E1
- 0x15dec:$sqlite3step: 68 34 1C 7B E1
- 0x15d08:$sqlite3text: 68 38 2A 90 C5
- 0x15e2d:$sqlite3text: 68 38 2A 90 C5
- 0x15d1b:$sqlite3blob: 68 53 D8 7F 8C
- 0x15e43:$sqlite3blob: 68 53 D8 7F 8C
|
13.0.DpiScaling.exe.72480000.2.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security | |
13.0.DpiScaling.exe.72480000.2.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com | - 0x7808:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x7ba2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x138b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
- 0x133a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
- 0x139b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
- 0x13b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
- 0x85ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
- 0x1261c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
- 0x9332:$sequence_7: 66 89 0C 02 5B 8B E5 5D
- 0x18da7:$sequence_8: 3C 54 74 04 3C 74 75 F4
- 0x19e4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
|
13.0.DpiScaling.exe.72480000.2.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group | - 0x15cd9:$sqlite3step: 68 34 1C 7B E1
- 0x15dec:$sqlite3step: 68 34 1C 7B E1
- 0x15d08:$sqlite3text: 68 38 2A 90 C5
- 0x15e2d:$sqlite3text: 68 38 2A 90 C5
- 0x15d1b:$sqlite3blob: 68 53 D8 7F 8C
- 0x15e43:$sqlite3blob: 68 53 D8 7F 8C
|
25.0.logagent.exe.72480000.3.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security | |
25.0.logagent.exe.72480000.3.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com | - 0x7808:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x7ba2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x138b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
- 0x133a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
- 0x139b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
- 0x13b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
- 0x85ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
- 0x1261c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
- 0x9332:$sequence_7: 66 89 0C 02 5B 8B E5 5D
- 0x18da7:$sequence_8: 3C 54 74 04 3C 74 75 F4
- 0x19e4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
|
25.0.logagent.exe.72480000.3.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group | - 0x15cd9:$sqlite3step: 68 34 1C 7B E1
- 0x15dec:$sqlite3step: 68 34 1C 7B E1
- 0x15d08:$sqlite3text: 68 38 2A 90 C5
- 0x15e2d:$sqlite3text: 68 38 2A 90 C5
- 0x15d1b:$sqlite3blob: 68 53 D8 7F 8C
- 0x15e43:$sqlite3blob: 68 53 D8 7F 8C
|
25.2.logagent.exe.72480000.2.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security | |
25.2.logagent.exe.72480000.2.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com | - 0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
- 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
- 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
- 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
- 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
- 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
- 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D
- 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4
- 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
|
25.2.logagent.exe.72480000.2.raw.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group | - 0x16ad9:$sqlite3step: 68 34 1C 7B E1
- 0x16bec:$sqlite3step: 68 34 1C 7B E1
- 0x16b08:$sqlite3text: 68 38 2A 90 C5
- 0x16c2d:$sqlite3text: 68 38 2A 90 C5
- 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C
- 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
|
25.0.logagent.exe.72480000.1.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security | |
25.0.logagent.exe.72480000.1.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com | - 0x7808:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x7ba2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x138b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
- 0x133a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
- 0x139b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
- 0x13b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
- 0x85ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
- 0x1261c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
- 0x9332:$sequence_7: 66 89 0C 02 5B 8B E5 5D
- 0x18da7:$sequence_8: 3C 54 74 04 3C 74 75 F4
- 0x19e4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
|
25.0.logagent.exe.72480000.1.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group | - 0x15cd9:$sqlite3step: 68 34 1C 7B E1
- 0x15dec:$sqlite3step: 68 34 1C 7B E1
- 0x15d08:$sqlite3text: 68 38 2A 90 C5
- 0x15e2d:$sqlite3text: 68 38 2A 90 C5
- 0x15d1b:$sqlite3blob: 68 53 D8 7F 8C
- 0x15e43:$sqlite3blob: 68 53 D8 7F 8C
|
13.2.DpiScaling.exe.72480000.3.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security | |
13.2.DpiScaling.exe.72480000.3.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com | - 0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
- 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
- 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
- 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
- 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
- 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
- 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
- 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D
- 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4
- 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
|
13.2.DpiScaling.exe.72480000.3.raw.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group | - 0x16ad9:$sqlite3step: 68 34 1C 7B E1
- 0x16bec:$sqlite3step: 68 34 1C 7B E1
- 0x16b08:$sqlite3text: 68 38 2A 90 C5
- 0x16c2d:$sqlite3text: 68 38 2A 90 C5
- 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C
- 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
|