MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 163065b27e36ce19e815d862a46534b6b7a048be46562ae48c3811fb35fa3338. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 163065b27e36ce19e815d862a46534b6b7a048be46562ae48c3811fb35fa3338
SHA3-384 hash: 2fb3466495ae03c96838f5847dc83a68957ebf7aa3be0cf4b905ef656b2b74d738446febad07eec566ac13411fdb3396
SHA1 hash: d9091e325fef912bdd0edf720df3216cb0b564de
MD5 hash: 759a7f71ada784810d2d90522b493179
humanhash: jupiter-alpha-enemy-nevada
File name:SecuriteInfo.com.Trojan.Siggen9.34131.18298.14395
Download: download sample
Signature FormBook
Create hunting rule
File size:856'064 bytes
First seen:2020-04-06 19:43:16 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 7dc2d3386fee88913d9b97194d8a771a (1 x FormBook)
ssdeep 24576:IBTnw7At9xhWiKMHRDHi2/sijn61QwUZxvQYvAsJBBN3QHR6TeusWi:w7w7Y9xhBRDC2/sijnz
Threatray 4'744 similar samples on MalwareBazaar
TLSH 17055A85D08ECDD0D45EA1BFE965D4F1896EAC39D5B22C2350F4BFAAF470681C12BE42
Reporter SecuriteInfoCom
Tags:FormBook

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.34131.18298.14395.UNOFFICIAL
Create hunting rule

PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-06 16:06:48 UTC
AV detection:
25 of 31 (80.65%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=cyyglmt6g3hbt2av3brkizjuw232asf6izlcvzemhai7wnp2gm4a._file
Verdict:
malicious
Similar samples:
16de0aa2d02fae6460bb173c9104df4fa758343ab226aea79a3910dce19fa58e
FormBook
347aa505ad319b4d8ee54aabe34dfc2af12b4747af23c6b635821ba9aedd0e32
FormBook
41b0a4eba05ad382e109d412680e4a5a636cbc7dc6928c5de923d689f070ece4
FormBook
67586cd711a0de6176d2df1bde9bf36f024f893328ae9c447bdf5e636e99502b
FormBook
7f6459ace4d6259e61c8170563af8a30f25568457902f4f717c8ad17574efab6
FormBook
8e5e93b6f3eee7f1a08a0420b25105017d3479769e6bf9d6b2518d3abc6b1a75
FormBook
a6009a6b0724811f3bb71fc6f0c6b3b1aad71448948175949c7eb8af82034e91
FormBook
cb580aefeab71d89497055434d2e09f655bf686c8e19db6cafba62e14b9415f6
FormBook
de55a1b3e711c74c00998d9c4cb0f5da9672b109e2f362ac55f4a9f4033ffbf7
FormBook
f38d170b1da421aa60e778a64fec953d3058336f7cb06568ba7926495fe87f0c
FormBook
+ 4'734 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

FormBook

Executable exe 163065b27e36ce19e815d862a46534b6b7a048be46562ae48c3811fb35fa3338

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/335856/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
Reviews
IDCapabilitiesEvidence
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::CloseHandle
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::LoadLibraryExW
KERNEL32.dll::LoadLibraryW
KERNEL32.dll::GetStartupInfoW
KERNEL32.dll::GetCommandLineA
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::WriteConsoleW
KERNEL32.dll::SetStdHandle
KERNEL32.dll::GetConsoleMode
KERNEL32.dll::GetConsoleCP
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CreateFileW

Comments