MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 48b6690d5bd1be4666d437e2139948e5ee78c04cafadadb0cf0cd9cccffedb82. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 4



SHA256 hash: 48b6690d5bd1be4666d437e2139948e5ee78c04cafadadb0cf0cd9cccffedb82
SHA3-384 hash: 939c63a51af30dbca5bf1e2e603f4eff29c33e2eb4dbfb35760a05400486bc3f5936fd00cc920d5a3373807fdad3938c
SHA1 hash: 3de6fdb1e568b66407f8f09bab2d3c26deed5d91
MD5 hash: 6d425070a6a39d4d497be922c1da6ac2
humanhash: uranus-equal-angel-sad
File name: Arrival Notice.jpg.exe
Signature: FormBook
File size: 98'304 bytes
First seen: 2020-04-01 11:30:51 UTC
Last seen: 2020-04-01 14:22:51 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 444eda7f183ae099b0fb22e9af46f0d7 (1 x FormBook)
ssdeep: 768:l5IVXTyxNZ4e8v1WS0mM8m8W/xMLO7rSJvJ6BIwtww8x55osYC5LZ6zDosgN:Ei58UUbW/x+O7rSJvNwIx55jN
Threatray: 941 similar samples on MalwareBazaar
TLSH: C0A3C412FA008DA5D0280EB69F35C7DC13567E25AE49FE4339893EDF7BB11646102B9B
Reporter: jarumlus
Tags: FormBook GuLoader

Intelligence


File Origin
# of uploads: 3
# of downloads: 85
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Noon
Status: Malicious
First seen: 2020-04-01 11:42:00 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 25 of 30 (83.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

FormBook

Executable exe 48b6690d5bd1be4666d437e2139948e5ee78c04cafadadb0cf0cd9cccffedb82

(this sample)

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews
ID | Capabilities | Evidence
VB_API | Legacy Visual Basic API used | MSVBVM60.DLL::__vbaObjSetAddref, MSVBVM60.DLL::EVENT_SINK_AddRef, MSVBVM60.DLL::__vbaErrorOverflow
