MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 12b62af6539e46350a256cc22d72b17b2d005507ff7332390da2fc2ebe159bb1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FormBook

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	12b62af6539e46350a256cc22d72b17b2d005507ff7332390da2fc2ebe159bb1
SHA3-384 hash:	5b1d8349bd2f74e0593e367daed430b3549bd60daee0ce80a7479bb62faed54648bd4c656c29001341d801305fa2ab82
SHA1 hash:	b8a8973556c4b5940453798e48d2b5afec69e161
MD5 hash:	7fca0c8e71e8fb0b4bbd3019113a4130
humanhash:	single-berlin-wisconsin-yankee
File name:	12b62af6539e46350a256cc22d72b17b2d005507ff7332390da2fc2ebe159bb1
Download:	download sample
Signature	FormBook Create hunting rule
File size:	1'097'728 bytes
First seen:	2020-03-23 18:52:55 UTC
Last seen:	2020-03-24 07:34:07 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	11e398ffcc5ee170b420f41519610025 (1 x FormBook)
ssdeep	6144:fsa0b8YR7NscHoEJZlcTxkpY4tTsjxCirA8rr4FkhVDtZMHGZZZZZZZZZZZZZZZV:Uaxi7Ns//A5TuUi3ou4yZb
Threatray	4'743 similar samples on MalwareBazaar
TLSH	FF358DD0E5949A35F49AD5729603D1BAC0F0670B17FCEAE1C625E614BE0C2CE8E3E64D
Reporter	Marco_Ramilli
Tags:	exe FormBook

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Malware.0050bf5c-7167998-0

Gathering data

Threat name:

Win32.Trojan.Injector

Status:

Malicious

First seen:

2017-04-21 19:19:00 UTC

AV detection:

26 of 31 (83.87%)

Threat level:

5/5

Verdict:

malicious

Label(s):

netwirerc

FormBook

1edf8c6bcf0ae2b38e9e28bcb1fd838c2ea35b5b126e4bc9e42daa2e1e722298

FormBook

2460c3a92796b5c40abef5471ee446623489b3c1bfb70f1015ab74961d477561

FormBook

3ec51daa2ad133cfcdce1ffca7081f96ee58d9b5c2d302cee732e6e2cc3d8cc6

FormBook

77839da1c15d6390080afe07320af399a007d5b69bf4fcdf63fc71e795929cf7

FormBook

7f6459ace4d6259e61c8170563af8a30f25568457902f4f717c8ad17574efab6

FormBook

a492b017c3e12fe55493c562ed1304155616cb61b24f6dce0bfcd3eb7a7bdaf5

FormBook

a6009a6b0724811f3bb71fc6f0c6b3b1aad71448948175949c7eb8af82034e91

FormBook

b801afb5529bee671ee0219b95450122f641260b372695c89d7bdc5c2c227b65

FormBook

ef14e580eca50b75acae60fa7c6642fa89fc91ee8492f5193608937f4d78781b

FormBook

+ 4'733 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

FormBook

exe 12b62af6539e46350a256cc22d72b17b2d005507ff7332390da2fc2ebe159bb1

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/250604/

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
VB_API	Legacy Visual Basic API used	MSVBVM60.DLL::__vbaSetSystemError MSVBVM60.DLL::__vbaObjSetAddref MSVBVM60.DLL::EVENT_SINK_AddRef MSVBVM60.DLL::__vbaErrorOverflow

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample