MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 314083c1c0f3453c1a2bf9e88d71b193e5ce26deccb61deec9db2c5c5c273118. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 314083c1c0f3453c1a2bf9e88d71b193e5ce26deccb61deec9db2c5c5c273118
SHA3-384 hash: 45ad5dd84abcc4bc318111adb63b482d6e0e4069cbeaf4cdfb0a913d3a218b4417897baca6886869612d3403d9db1097
SHA1 hash: 19d13cd04eb359dd53d848e5d4ad5b9f43034d16
MD5 hash: 4c23db0e2489c863ff9cd314f85820af
humanhash: lima-zebra-harry-december
File name:Shipment Document BL,INV and Packing List Attached.exe
Download: download sample
Signature FormBook
Create hunting rule
File size:102'400 bytes
First seen:2020-04-03 05:47:29 UTC
Last seen:2020-04-03 06:31:49 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 05394dda17e276b660db9063b4d458b5 (1 x FormBook)
ssdeep 768:kS4vRnxnxqSCak6KV35+PvYgk+cH6ysrNDrsz0HMGIs:ev7nJM6tYgnmb4xrszMr
Threatray 822 similar samples on MalwareBazaar
TLSH CFA3D422BA90FE91D8108E719D7A87EC4225BC30ED556A47BAC53F7E3D34090B692F47
Reporter jarumlus
Tags:FormBook GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Packed.Generic-7647091-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Noon
Create hunting rule
Status:
Malicious
First seen:
2020-04-03 06:35:29 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=gfaihqoa6nctygrl7hui24nrsps44jw6zs3b33wj3mwfyxbhgema._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
2175bd94c8f6b7a75f4058bb9b981c2dee39a34a51afe018ebecfbffa490656c
FormBook
2b06bef1e11a4116301fd6fe39fee4f1a131cff248ba8e1213335161f51385f9
FormBook
484b37c91fa9737deb4621d7adaec989419ba06a4e97ae797b7fa6fdbfaf3e67
FormBook
6c759b96dca08330cce6b7787e69b286d3b1a22a618f81409fd674ef720eb6dd
FormBook
94aa044af536864b0126b945a20ca29ccad0f3471d8ee3516c10b065ed49739f
FormBook
9c01cf666c922c17867f4d2a85d090376c6f82e2c77b16de330d116f147fca59
FormBook
b6815b7c6bd39d114da295e839d472997b073db3d57429aadad20bb73c7b47c2
FormBook
b866a18458d22f3c362eb9db308ccbbe80ad1a1ef04d9f1c8ba6d3c66ccd4971
FormBook
c7552fe5ed044011aa09aebd5769b2b9f3df0faa8adaab42ef3bfff35f5190aa
FormBook
da9905dfd7e60f5a61bd23a3820c461bb67d59f5dafea80ee20f838871c9ce83
FormBook
+ 812 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaFileOpen

Comments