MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8f4bb4bd0cff9da6a0aee3e0204732840f045fab3ae23020385646fc47aae9f4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash: 8f4bb4bd0cff9da6a0aee3e0204732840f045fab3ae23020385646fc47aae9f4
SHA3-384 hash: f37777597e8c1cbc9cf2ba314c4ce934dc7fd3ecb1c84ef6b300ae9b702c03f24c15e05542340aff72df6b7e1ebc4028
SHA1 hash: b451c5667a1491a99e7c54e549fa89049beba10f
MD5 hash: 724b0343f5f55aab914f610c1164cdcd
humanhash: angel-tennis-earth-ceiling
File name: Payment Slip_GS2004011507 & GS2005014760_pdf.exe
Signature: FormBook
File size: 312'081 bytes
First seen: 2020-06-30 06:03:17 UTC
Last seen: 2020-06-30 11:41:37 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 7c2c71dfce9a27650634dc8b1ca03bf0
ssdeep: 6144:VPCganNRStrVpXem5+ZbEcfqyR0IhuNyMDhSj02FfE/3TscQolEJ8:7anatrVpXZANF08MDhSRKDsc0i
TLSH: F164131522F0A4E3D46E49F015BE3B66B6B56F0AD2821747EBC43A143DB3A834F1F159
Reporter: @abuse_ch
Tags: exe FormBook

Malspam distributing FormBook:

Sending IP:
From: ChinPhil Marine Services <>
Subject: PAYMENT for Invoice GS2004011507 & GS2005014760 100% Deposit(OVERDUE DATE-06 MAY 2018)
Attachment: Payment Slip_GS2004011507 _ GS2005014760.pdf.arj (contains "Payment Slip_GS2004011507 & GS2005014760_pdf.exe")


Mail intelligence
Trap location: Global
Impact: Low

# of uploads: 2
# of downloads: 35
Origin country: FR

CAPE Sandbox Detection: n/a
ClamAV: PUA.Win.Downloader.Soft32downloader-6691270-0
CERT.PL MWDB Detection: n/a
ReversingLabs:
  Status: Malicious
  Threat name: Win32.Trojan.Injexa
  First seen: 2020-06-30 01:21:02 UTC
  AV detection: 22 of 31 (70.97%)
  Threat level: 2/5
Spamhaus Hash Blocklist: Malicious file
Hatching Triage:
  Score: 7/10
  Malware Family: n/a
  Tags: evasion trojan
VirusTotal: Virustotal results 16.67%

Yara Signatures

Rule name: Formbook
Author: JPCERT/CC Incident Response Group
Description: detect Formbook in memory
Reference: internal research

Rule name: win_formbook_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: autogenerated rule brought to you by yara-signator

Rule name: win_formbook_g0
Author: Slavo Greminger, SWITCH-CERT

File information

The table below shows additional information about this malware sample such as delivery method and external references.



Executable exe 8f4bb4bd0cff9da6a0aee3e0204732840f045fab3ae23020385646fc47aae9f4 (this sample)

Delivery method: Distributed via e-mail attachment