MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0dcc0b25c073c73ae67b48662ec4c81932ff862afdaac7cba1efa63290d6902f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SHA256 hash: 0dcc0b25c073c73ae67b48662ec4c81932ff862afdaac7cba1efa63290d6902f
SHA1 hash: fcbcb2007364db52e8ffa4327d26293c885c45d0
MD5 hash: 8cedb9db8e9bcb5d32def1faf7d83bb5
File name: Payment Notification.pdf.exe
Signature: Formbook
File size: 324'096 bytes
First seen: 2020-05-22 14:11:00 UTC
Last seen: 2020-05-22 20:34:08 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 255099a339a7f0c44ae1d5330f7354e4
ssdeep: 3072:Ee56tbEjHbAxJzAW6EXXYicn6nvRytljFbJEKQpWzKkwYj/boKuUNZz78qvXCoze:E/tbjnzAW/oijnvR8FNxbeMpXDzdks
TLSH: 2F64BE22B568963CD93FA0B47AC7DEE6DDC594E3603F5C5AC42CC109C92CA82C597277
Reporter: @abuse_ch
Tags: exe FormBook

Malspam distributing Formbook:

Sending IP:
From: <>
Subject: Payment Notification
Attachment: Payment (contains "Payment Notification.pdf.exe")


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 3
# of downloads: 30
Origin country: US
ClamAV: PUA.Win.Downloader.Aiis-6803892-0
VirusTotal: Virustotal results 24.66%
ReversingLabs: No data

Yara Signatures

Rule name: win_nymaim_g0
Author: mak, msm,

File information

The table below shows additional information about this malware sample such as delivery method and external references.



Executable exe 0dcc0b25c073c73ae67b48662ec4c81932ff862afdaac7cba1efa63290d6902f

(this sample)

Delivery method
Distributed via e-mail attachment