MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7d59dfed8b95da94664078ba62cc2b0eb6d1a346b6d4d480aef47800680c74a5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FormBook

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	7d59dfed8b95da94664078ba62cc2b0eb6d1a346b6d4d480aef47800680c74a5
SHA3-384 hash:	ddc39382efee999616c9ffa0093eb6f0abada40c2eacc68b8ae6b66c1ecb74d1c2159c1a165daad7513f6c09f68235fe
SHA1 hash:	39b09ed38839fdb4672b012516fc537b6ee68524
MD5 hash:	b4f611df19439ae9bc4cc525f19a2e53
humanhash:	fish-kansas-purple-nebraska
File name:	PO-SK2003202011.exe
Download:	download sample
Signature	FormBook Create hunting rule
File size:	77'824 bytes
First seen:	2020-03-20 10:58:36 UTC
Last seen:	2020-03-20 12:39:17 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	07fcfa66d962346f60e4aadfe80b8e20 (1 x FormBook)
ssdeep	768:8Y4IhlAFcTu8uSjxpTof2KnRGgCmPrQJzbJMYmgzBsEM2B97:8Yf/uY/u4jTlUPr+SYmgoIt
Threatray	4'835 similar samples on MalwareBazaar
TLSH	FA737D03FA50E826CC598B7D7C16D69021277C9D7941D68B33D8BF1F78F01A28E6BA18
Reporter	cocaman
Tags:	exe FormBook

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.42867282.32218.13510.UNOFFICIAL

Win.Trojan.Vebzenpak-7640209-0

Win.Trojan.Vebzenpak-7640241-0

Win.Trojan.Vebzenpak-7699953-0

Gathering data

Threat name:

Win32.Trojan.Injector

Status:

Malicious

First seen:

2020-03-20 11:51:29 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

26 of 30 (86.67%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=pvm573mlsxnjizsapc5gftblb23ndi2gw3knjafo6r4aa2amossq._file

Verdict:

malicious

Label(s):

guloader

FormBook

0dcc0b25c073c73ae67b48662ec4c81932ff862afdaac7cba1efa63290d6902f

FormBook

2bde030373678bb2df1223cd3e3c4e7f2992e30739dcc63b688368f02a100067

FormBook

2f771c3a96ef9ec780781a8082aa6aa1f0d885224e6feef33f3cd7bf5e847a48

FormBook

3a0804b5ee36b66aa44341d7f9397cb93291fd788517e632b2b6a00678a5ebe3

FormBook

6e67f9295d091f8c9fc762c738712a3516c295b3e22bc8f41465c8633cda5114

FormBook

8842ac3497c777517b2f18152eabaa0994a460d249773a5e89a4e16bca2bd741

FormBook

cd88f1f0051fb232edba57fff3fc2b789e0b286ec9b938d8f31c3ef52c6848df

FormBook

d994985a0e58672d0274aa6d90e7c420858e61ba9a42f1d8650a793de687714a

FormBook

ee886ad4641b398a0c45a2e4395d031727c8caf0054962d0ecb868a0112758a0

FormBook

+ 4'825 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/7d59dfed8b95da94664078ba62cc2b0eb6d1a346b6d4d480aef47800680c74a5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

gz bc38f4a05e98469f7ad9b38574e259f3f6140b73150a7ffd1d5d2ea786f8bdb9

FormBook

exe 7d59dfed8b95da94664078ba62cc2b0eb6d1a346b6d4d480aef47800680c74a5

(this sample)

Delivery method

Other

Dropped by

SHA256 bc38f4a05e98469f7ad9b38574e259f3f6140b73150a7ffd1d5d2ea786f8bdb9

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
VB_API	Legacy Visual Basic API used	MSVBVM60.DLL::EVENT_SINK_AddRef

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample