MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 032624661ba64ab1c3ca40a7a47b3635ee6b6a3442ca6bfb7a41a4a8de7b0fb5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 032624661ba64ab1c3ca40a7a47b3635ee6b6a3442ca6bfb7a41a4a8de7b0fb5
SHA3-384 hash: 98f31e68702ad0af3fae7bd011b1d3aa9351263289e7c120bb35dca51ac24a283edb89b9c165413482ea21fe76918b98
SHA1 hash: cb8cd2fe687dbaef1499acf4f998d2df83272996
MD5 hash: 76bf2ddd451e97216d6b452baaa47f60
humanhash: carolina-delta-seventeen-cola
File name:CBIOSYS P.O. 2778.PDF.exe
Download: download sample
Signature FormBook
Create hunting rule
File size:81'920 bytes
First seen:2020-03-23 09:22:54 UTC
Last seen:2020-03-31 14:08:12 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 3e82174497527ff2cc113b3a7404f9e9 (1 x FormBook)
ssdeep 1536:IUM6s68Iqp7w8Y8M5YQb/a5jSjnu33pq+ij:Jo68p9w8YP2Q+5SM3S
Threatray 1'470 similar samples on MalwareBazaar
TLSH 02834B03F690E865C87C8B3E6C46D2E419177C647A81C6AB36D6FF0F68F01618F1AB59
Reporter jarumlus
Tags:FormBook

Intelligence

File Origin
# of uploads :
3
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Generic-7639438-0
Create hunting rule

Win.Dropper.Noon-7639528-0
Create hunting rule

Win.Malware.Generic-7639551-0
Create hunting rule

Win.Trojan.Vebzenpak-7639767-0
Create hunting rule

Win.Trojan.Vebzenpak-7640209-0
Create hunting rule

Win.Trojan.Vebzenpak-7699953-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-03-23 03:55:38 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=amtcizq3uzfldq6kict2i6zwgxxgw2ruilfgx632igskrxt3b62q._file
Verdict:
malicious
Label(s):
netwirerc
Create hunting rule
guloader
Create hunting rule
Similar samples:
27d318fe5d1d8f02c39b6b82690e4be83eeb3f357618cbabd7d808a23924b277
FormBook
2bd30faef9e89799bc33f076afc8f3521bc84018c8e27829e8f475ee1c8dc13b
FormBook
3df464cdb09ec8aed7589b31541a291c9b921f49b2cc97aa34d363161366db8a
FormBook
4fb3528f5fc1a30b03cf69920e1db68cd4943c1c303a09cac0723a10abfcc378
FormBook
5cd5f57afb04ba3ce4e5aaee5a7fa7d10b24a334e30911a49a4cc4cb52982848
FormBook
65bd5f3bc433f60bfc5ea392aaa33539592d657cbe2d316b25b24c9e12c225cc
FormBook
844fb0d61ff2be56043914797b2e0123e111f616bbd743e3ecfee5c340651146
FormBook
a07051295b50dfe762f42e922f6815e4554ae1b392da5810b88893cb91ac3b7e
FormBook
c76654971c4af60511d3583a3bd00c673904569aa93973687e14e95b9e80de6f
FormBook
ecbbdea89347df30a9575353b8886499a88d30f5606f60c922c62e4a56637c74
FormBook
+ 1'460 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments