MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 26d162331f7179d6978fd35569baddfba36f1dae069b3d748ebfe5dc366bcafc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 12


Intelligence 12 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 26d162331f7179d6978fd35569baddfba36f1dae069b3d748ebfe5dc366bcafc
SHA3-384 hash: 9fb672853322bd446b2edbcaaa3915bb23a38cfae77d18404c043448b02d9f5b609d654bb3e2dbda5a3fef5d5645dd3a
SHA1 hash: 96e51f6f617d1be806cd702cd29299ebb2747faa
MD5 hash: a6b45dd5d032cdb331ae41b34a01284a
humanhash: island-johnny-papa-india
File name:26d162331f7179d6978fd35569baddfba36f1dae069b3d748ebfe5dc366bcafc
Download: download sample
Signature Formbook
Create hunting rule
File size:1'025'536 bytes
First seen:2026-06-08 09:38:17 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 24576:5vsFl3jdIO5CkPKBxwUG+YuGQTtMbRGyNDbpF+xkb+5:y3jT5sv90RbP+xkb8
Threatray 2'939 similar samples on MalwareBazaar
TLSH T1EA251228660AC00BCB866B761FB1F3B5066D1EEEA502D6175FCD7DEBB873E441C44262
TrID 44.6% (.EXE) Win64 Executable (generic) (6522/11/2)
14.0% (.ICL) Windows Icons Library (generic) (2059/9)
13.8% (.EXE) OS/2 Executable (generic) (2029/13)
13.7% (.EXE) Generic Win/DOS Executable (2002/3)
13.6% (.EXE) DOS Executable (generic) (2000/1)
Magika pebin
Reporter adrian__luca
Tags:exe FormBook

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
HU HU
Vendor Threat Intelligence
No detections
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/69855/
Verdict:
Malicious
Score:
95.7%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6a268e613e9eff6a6b68bf8b
Tags:
shell virus sage
Result
Verdict:
Malware
Maliciousness:

Behaviour
Connection attempt
Creating a window
Unauthorized injection to a recently created process
Restart of the analyzed sample
Creating a file
Launching the process to interact with network services
Сreating synchronization primitives
Sending a custom TCP request
Unauthorized injection to a system process
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/6a268d9fbf16337e43bb2773/reports/0da6b5ad-ffd3-40a8-94e6-57fb945d065b/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/26d162331f7179d6978fd35569baddfba36f1dae069b3d748ebfe5dc366bcafc
Verdict:
Malicious
File Type:
exe x64
First seen:
2026-05-13T03:22:00Z UTC
Last seen:
2026-06-09T05:49:00Z UTC
Hits:
~100
Link:
https://opentip.kaspersky.com/26d162331f7179d6978fd35569baddfba36f1dae069b3d748ebfe5dc366bcafc/results?tab=lookup
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/e42fbea9-9e53-43e2-ae13-8981b5d67885
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/26d162331f7179d6978fd35569baddfba36f1dae069b3d748ebfe5dc366bcafc
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/26d162331f7179d6978fd35569baddfba36f1dae069b3d748ebfe5dc366bcafc/
Threat name:
ByteCode-MSIL.Trojan.BPLogger
Create hunting rule
Status:
Malicious
First seen:
2026-05-13 15:18:30 UTC
AV detection:
26 of 37 (70.27%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=e3iwemy7of45nf4p2nkwtow57orw6hnoa2nt25eox7s5yntlzl6a._file
Verdict:
malicious
Label(s):
formbook
Create hunting rule
xworm
Create hunting rule
Similar samples:
03db270f22ccf186bcdb62454ab32ad0004bc382e03c5d742f2af5dd63fcdf88
Formbook
0e9815093b48958e642ad4bf4806a0fbb84cd1350e7d67d9c60aaa0c145e6302
Formbook
18e53ace8f5ac246907518eca1dac1fda544163727cd3f42fe06c7cfe19e06fc
Formbook
4954418adaef22b8f70bd03d05daf3fe790a4c21ec0ecfd40b1727297019832f
Formbook
57e753a6d49e97decfdfd33977c017da0c19955d69b6aeb150a7f9c80bca1134
Formbook
84ba64e1bbd5aca89c4daeaee79703d8c9aa6fba1d889fcdb2d3ff0b56780e50
Formbook
c61fd6a91353834b1b35bdef04242f89295b7f7ecffb2951ec3459b391d8ed97
Formbook
cdb4f964fdb6348bd4e59b47cbd43a15bb41acac2098e41dc397f055147713c8
Formbook
e8b904ca4232fecac9d94deac3c56e48ba47e3ceb9299f009256daddcdb2cc95
Formbook
error
Formbook
+ 2'929 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/260608-lm4kfabw5m/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of SetThreadContext
Unpacked files
SH256 hash:
26d162331f7179d6978fd35569baddfba36f1dae069b3d748ebfe5dc366bcafc
MD5 hash:
a6b45dd5d032cdb331ae41b34a01284a
SHA1 hash:
96e51f6f617d1be806cd702cd29299ebb2747faa
Link:
https://www.unpac.me/results/7ff7c374-91cd-4466-83e2-0a6c8f44e2d2/
Malware family:
FormBook
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/26d162331f71/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:pe_no_import_table
Create hunting rule
Description:Detect pe file that no import table

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/69855/

Comments