MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 03200425032e7246493cae751e77c4dc2f2bfdb14cddfea1ab34f051eaaf5290. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FormBook

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	03200425032e7246493cae751e77c4dc2f2bfdb14cddfea1ab34f051eaaf5290
SHA3-384 hash:	1d47b7133afb1f97d0e7672ea561aa704bc37cded25e678453e6787c039a3a2ca5d096a1323fa6ef7460cfdd668956f5
SHA1 hash:	0f5a4fa7de63aeb12a0085cf9fbf91898721f0e8
MD5 hash:	df546ce4cc52cbbd6d6ff0e11afffd06
humanhash:	bulldog-three-massachusetts-river
File name:	DRAFT DOCUMENTS.pdf.exe
Download:	download sample
Signature	FormBook Create hunting rule
File size:	407'552 bytes
First seen:	2020-03-22 15:13:45 UTC
Last seen:	2020-03-22 16:39:46 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep	6144:/MelVs2Xw7VRZSTJLq5myuNlXl1IDcjKk6+uXBkIoaihHNkBDpjjHQDXJ12nuT:zxOGtLcmyylXDIcGke2ea63HQDXJ12u
Threatray	5'089 similar samples on MalwareBazaar
TLSH	F284BFAA7150325DC42EF4FAC5100C925661AC675707E26701F732BE49BEAA3CF246BE
Reporter	cocaman
Tags:	exe FormBook

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Generik.MDHMIFT.26115.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Noon

Status:

Malicious

First seen:

2020-03-22 06:22:21 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

21 of 30 (70.00%)

Threat level:

2/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=amqaijidfzzemsj4vz2r456e3qxsx7nrjto75inlgtyfd2vpkkia._file

Verdict:

malicious

FormBook

0a0ac8e138fdddc9e18357375ff41da88e340ac4dfc225d2d60976607dac8d8c

FormBook

29247c960e16e376148704241453b7a008a62c050e9d11b2bba111452acb7fa3

FormBook

3a623059d68483ec267fb4852e1209eb93c3f351ba976cc1ef92da7070c33c64

FormBook

474cad642b1cf88f8d7f922cbfd9b8a00d7fc0eb40cafc0877007ee2884f105f

FormBook

4e0e1ee117544cc9cb6784d36db3d349624ef1c888267b1e266a03ddb17d33a1

FormBook

bcc826091ec71230947aa1916263434935a58ffe5977cf415b1d970633939652

FormBook

e13acda03eb4829793beb5c0664d5752663b7ef5ae72b63724e7eaf189a9fec4

FormBook

ebb1d3f1ac0d238e6eb3ae96d4ebc49fb5a38c8669e74e65145c858339211dc7

FormBook

efaa9091d5aa1f64ae3b3c1258e90d5bb346e25e75ae3c4530ea9346380e2158

FormBook

+ 5'079 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip 2025c64899121b48f227814bccffc112746401fe93ae2aafc135ad986f53c139

FormBook

exe 03200425032e7246493cae751e77c4dc2f2bfdb14cddfea1ab34f051eaaf5290

(this sample)

Delivery method

Other

Dropped by

SHA256 2025c64899121b48f227814bccffc112746401fe93ae2aafc135ad986f53c139

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample