MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 11892c93ce6ecc668a92bcbb2e618edbc40f87cea8938e2dbe7061cbc6d1f689. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 11892c93ce6ecc668a92bcbb2e618edbc40f87cea8938e2dbe7061cbc6d1f689
SHA3-384 hash: 880e6c02bbebac64a5c86146e72616f596c1bebfa01317e8dca7b5cb77b3daa7504301fbc94113b7fe5c118584c152cf
SHA1 hash: 3d1389ab70beb500c1d3e73bcda2016d92892050
MD5 hash: 004950838e4935f88dbf17951efece29
humanhash: crazy-angel-bravo-aspen
File name:1st Revised_pdf.exe
Download: download sample
Signature FormBook
Create hunting rule
File size:410'624 bytes
First seen:2020-03-19 11:17:39 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash bd01578e2bc2f64b0dfa8bc9c00d0182 (1 x FormBook)
ssdeep 6144:GSFMrexkS4mkmOBFcAd0FVECVm5/R9r077idGNQhqInIZfjKkiPpp/jhOiERtKV/:L3/OXMVh62Qh0jKB1OXCV07QztnVX
Threatray 2'229 similar samples on MalwareBazaar
TLSH 7A9423F8E89DB6F7F6A96AF7B2184B284360921254284B03CD4ECECFB5794416B91D13
Reporter jarumlus
Tags:FormBook

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.Upx-49
Create hunting rule

PUA.Win.Packer.UpxProtector-1
Create hunting rule

PUA.Win.Packer.Upolyx-12
Create hunting rule

PUA.Win.Packer.Upx-6
Create hunting rule

PUA.Win.Packer.Upx-4
Create hunting rule

PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-03-19 16:51:51 UTC
AV detection:
28 of 31 (90.32%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=cgesze6on3ggncusxs5s4ymo3pca7b6ovcjy4ln6obq4xrwr62eq._file
Verdict:
malicious
Label(s):
netwirerc
Create hunting rule
Similar samples:
09a67c040e7c62e6dd1c7ef264524d15f8ac6f91cf238e429ef638dfc3225556
FormBook
157ef05047452109ec1552af00806f1469254bc14a5cc942e41180ee82d508a7
FormBook
1d1c9ee0b1adaa5a121fd70d332785395ad22538f9cdc7db44414c1604e28919
FormBook
1e1a825c158fefa17df9237a4be60bc99e1a2a42ded631c8636b6af668b1627f
FormBook
2084e95f6624b243760b5ac8e5f486168a84a08cb0d71b285f01720ebd77ee8f
FormBook
2fdb0d7b083751a10db872738e974f869b99f2ca21891a5fb96bc9440f827ffb
FormBook
30bbf2043054b92e495bbd55f67e43b8eafce430bf31d8aaa4899385e503cdbe
FormBook
3527457b184139953c43be59287281eb8f797e9cc8f3e9d637362276fe4f83a2
FormBook
59fd7c02b088d002266c00f7f97f083d578fa76be1a1981961d6f411817f3f25
FormBook
8df71043e89088e65c08e918cdd0d0278e78ce39d3d22e04e0310c3d7ec50b28
FormBook
+ 2'219 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/11892c93ce6ecc668a92bcbb2e618edbc40f87cea8938e2dbe7061cbc6d1f689

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
MULTIMEDIA_APICan Play Multimediawinmm.dll::mciSendCommandA
WIN_BASE_APIUses Win Base APIKERNEL32.DLL::LoadLibraryA

Comments