MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ae438370eda70ba48a763c526e61b068e16d11cbd00e9cb504d6f1eeb7442d22. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Intelligence 1 File information 3 Yara Comments

SHA256 hash: ae438370eda70ba48a763c526e61b068e16d11cbd00e9cb504d6f1eeb7442d22
SHA3-384 hash: 2a81b4deda487346691feeb20467ebd5a054ba554f283df89f2762f32e1f3e2a8fbe9159b1f9e07e4625b58597446567
SHA1 hash: ae5ec84f56c65239862745ef217d6b883f0375d6
MD5 hash: b299b28f77a9de1c0f5bb30cf8522aa2
humanhash: xray-finch-october-delaware
File name:benzway.exe
Download: download sample
Signature Formbook
File size:702'976 bytes
First seen:2020-06-30 06:04:48 UTC
Last seen:2020-06-30 07:01:12 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 24f26e153c9b6068c0a4770547eb6d9e
ssdeep 12288:LCbpcLhilrm7G8oclWEAroCo3DQmTl7/RmATiGn4NAq70ix:cuLhi80Jro7FR1H4Nxwi
TLSH B6E49E22E7A0443FF072367D9D2B57BC982ABD51392C79472BE4DC7C6F292413926287
Reporter @Jouliok
Tags:exe FormBook


Mail intelligence No data
# of uploads 2
# of downloads 33
Origin country GB GB
CAPE Sandbox Detection:Formbook
ClamAV PUA.Win.Adware.Slugin-6803969-0
CERT.PL MWDB Detection:formbook
ReversingLabs :Status:Malicious
Threat name:Win32.Trojan.Injector
First seen:2020-06-30 06:06:05 UTC
AV detection:30 of 31 (96.77%)
Threat level:   5/5
Spamhaus Hash Blocklist :Malicious file
Hatching Triage Score:   10/10
Malware Family:formbook
Tags:evasion trojan spyware stealer family:formbook persistence
VirusTotal:Virustotal results 47.95%

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download


Executable exe ae438370eda70ba48a763c526e61b068e16d11cbd00e9cb504d6f1eeb7442d22

(this sample)

Delivery method
Distributed via web download