MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 38bb0a1d49eb96f7fae4e2e6831184522114744b354fd2b299eafc3d76bc7a62. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	38bb0a1d49eb96f7fae4e2e6831184522114744b354fd2b299eafc3d76bc7a62
SHA3-384 hash:	6089db3b13f60b2546209657b51b3372463d1e55d073f63fcb97e16cb5d32123def8b6ada95681964a21994c34f3d687
SHA1 hash:	394d3478546acad2205fad3093bd3507e77e4530
MD5 hash:	1202c6319dde8c014e3b289e906f921e
humanhash:	grey-hot-bacon-hydrogen
File name:	utasarmsinc.ru_live__dew002.exe
Download:	download sample
Signature	Formbook Create hunting rule
File size:	569'344 bytes
First seen:	2020-03-18 19:21:15 UTC
Last seen:	2020-03-18 20:46:14 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	00f90fc1f0b6cede98754c3eb39ce42b (1 x Formbook)
ssdeep	6144:9j5Yy1YP2+E1NFOfqSBjOn0PSUjcEKQ49KGO36yr0T9guJxtk45ij:9tlSPZE1NFxSZOn0PSYcHLSmfL0j
Threatray	4'671 similar samples on MalwareBazaar
TLSH	1EC469BCE57C55B4FBAE507776D0C1BE14E16C7880321AC5BC3E7A96B2B364C6E80A05
Reporter	ov3rflow1
Tags:	exe FormBook

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Heur.PonyStealer.Im0@cGKyRbpi.29232.23325.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Vbinject

Status:

Malicious

First seen:

2018-03-18 17:42:00 UTC

AV detection:

22 of 28 (78.57%)

Threat level:

5/5

Verdict:

malicious

Label(s):

netwirerc

Formbook

20e5edeac32212fe8dcc9e5ab6f872d7e647e5e78eb707f2e0704817e3c092e0

Formbook

2ff76dce8a2f9ea8d6904b9705447ff3fb45e77fa32a3f2c446f318b4aee2148

Formbook

455f9457f0b901603911b305f2fdab9186a395cf31e9aa8f3a29243a369a8f52

Formbook

8d703de189a2ba36e099a2276e2ba596d40c54c21eec779286667e8dd6c2e5b8

Formbook

99737bd60422defc150edf7e1ec863acd6d2e599e8139aa987b6b4c43ab18cec

Formbook

9efeacb28688b709ed2b817977d8ace64b4b4674f5540f282017c78a32755145

Formbook

9f10a3e22fd6722a29b863e9ab03a41234d3339414331bb074226dcc3195d610

Formbook

d0c571182eb67023db9b2f8c440dfc76488b23ea51819de40bbeca16fbb9322e

Formbook

e89f7cbe30c473af31238429762b1d46ed174fefa8bf559198766fb1658905fd

Formbook

+ 4'661 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/38bb0a1d49eb96f7fae4e2e6831184522114744b354fd2b299eafc3d76bc7a62

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

URLhaus

https://urlhaus.abuse.ch/url/182/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
VB_API	Legacy Visual Basic API used	MSVBVM60.DLL::__vbaSetSystemError MSVBVM60.DLL::__vbaObjSetAddref MSVBVM60.DLL::EVENT_SINK_AddRef MSVBVM60.DLL::__vbaErrorOverflow

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample