MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 15816a85abbcc64085fc9cd88b5e1e116bb60dc33d53df8d71a8e2ffe157fd17. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 10



SHA256 hash: 15816a85abbcc64085fc9cd88b5e1e116bb60dc33d53df8d71a8e2ffe157fd17
SHA3-384 hash: aa5bd857386be7539c6b5ccbdeb2b2d0c9cca2310cbcdc66db16bb929dc704a35d3c44c1144d7c272c9680a7081ba5db
SHA1 hash: b8325953f7e6310fe356534c3bef961e4ebdeb8d
MD5 hash: 5fd5ad405d5ad89fd52a010efcd2383b
humanhash: vegan-uniform-dakota-neptune
File name: Payment_Advice.pdf.js
Signature: Formbook
File size: 39'891 bytes
First seen: 2026-05-13 13:43:05 UTC
Last seen: Never
File type: Java Script (JS) js
MIME type: text/plain
ssdeep: 768:lNyuFQjkkb+M/u8fcG5U+RWsFUB/hH0FCF6m17Xg7nO7hedsG:CuFQjkkb+58fXi+RWs20Cr17QToh0sG
TLSH: T17C0373C9BAC2B265D712B02F2E2BF496E63D0CC1F6484044FF65B4A9FD60304D97AB65
Magika: javascript
Reporter: James_inthe_box
Tags: exe FormBook js

Intelligence


File Origin
# of uploads: 1
# of downloads: 130
Origin country: US
Vendor Threat Intelligence

No detections

Verdict: Malicious
Score: 99.1%
Tags: virus shell spawn

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: aes aspnet_compiler base64 confuserex crypto encrypted evasive evasive lolbin masquerade obfuscated packed powershell reconnaissance repaired

Verdict: Malicious
Labeled as: SVM:TrojanDownloader/JS.Nemucod

Verdict: Malicious
File Type: js
First seen: 2026-05-13T08:23:00Z UTC
Last seen: 2026-05-14T22:04:00Z UTC
Hits: ~10

Threat name: Win32.Trojan.Acll
Status: Malicious
First seen: 2026-05-13 11:17:51 UTC
File Type: Text (JavaScript)
AV detection: 11 of 24 (45.83%)
Threat level: 5/5

Result
Malware family: formbook
Score: 10/10
Tags: family:formbook adware discovery execution rat spyware stealer trojan
Behaviour
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Command and Scripting Interpreter: JavaScript
Command and Scripting Interpreter: PowerShell
Enumerates physical storage devices
System Location Discovery: System Language Discovery
ConfuserEx .NET packer
Suspicious use of SetThreadContext
Checks computer location settings
Badlisted process makes network request
Family: Formbook
Formbook payload
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
