MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 54c2d6b2b69d3f358efa17b82e6f1e3a0c30418491d568fc68da6bacf9e10328. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 10


Intelligence 10 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 54c2d6b2b69d3f358efa17b82e6f1e3a0c30418491d568fc68da6bacf9e10328
SHA3-384 hash: 1dcf35bb35e784d47a1a1f24cac1d4dc0a64560bb5bdc007f627ed169db62ff880b4f37baf2df92bc6258491d5c1553d
SHA1 hash: 257e8400d53ade3d12a35f946f008183a96fd8ee
MD5 hash: 831696d6960a189eb4ed6bcdfeca346d
humanhash: stairway-sad-cold-fish
File name:SecuriteInfo.com.Win32.AdwareX-gen.25812.20358
Download: download sample
Signature Formbook
Create hunting rule
File size:169'472 bytes
First seen:2023-10-05 07:30:20 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 235f54a8f3fab3914ce05790a045f905 (6 x Formbook)
ssdeep 1536:F9owhCmXQce3gi5MlsuPUuvAg3iHhDvr+6dMPW4DjMDVGWQs+yckU4Ss8jcdsPjO:F9DdQp3Gzqrd6sQs+0n3sPtAhr81cj
Threatray 3 similar samples on MalwareBazaar
TLSH T167F36B1136D1C0B5D477023549E8DB615ABEFEB24FB24E5FB7C80A8E4B74180AB25B63
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter SecuriteInfoCom
Tags:exe FormBook

Intelligence

File Origin
# of uploads :
1
# of downloads :
295
Origin country :
FR FR
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Win32.AdwareX-gen.25812.20358.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Searching for the window
Creating a window
Gathering data
Verdict:
Suspicious
Threat level:
  10/10
Confidence:
100%
Tags:
control greyware lolbin
Link:
https://www.filescan.io/uploads/651e663764965c51f7754a9d/reports/6ae9ac2a-6414-44e4-a041-54330d1d344b/overview
Verdict:
Malicious
Labled as:
Jaik.Generic
Link:
https://www.hybrid-analysis.com/sample/54c2d6b2b69d3f358efa17b82e6f1e3a0c30418491d568fc68da6bacf9e10328
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Formbook
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/8ac7b578-c38a-401d-8286-ac20f8a52b58
Result
Threat name:
NSISDropper
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/1319946
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected NSISDropper
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/54c2d6b2b69d3f358efa17b82e6f1e3a0c30418491d568fc68da6bacf9e10328/
Threat name:
Win32.Trojan.Zusy
Create hunting rule
Status:
Malicious
First seen:
2023-10-05 07:02:06 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
17 of 36 (47.22%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ktbnnmvwtu7tldx2c64c43y6higdaqmeshkwr7di3jv2z6pbamua._file
Verdict:
malicious
Similar samples:
4732c2a4e78e5f416cf1d7abf28c1991e45ac8706fbab576b84f0b72d0288d2f
Formbook
52bbb87af8510bd3b008c070c27f022f14315f4d54f3b046b88fe2689e88c941
Formbook
8d48b5f989fff5f8f7f654f2d1fa6f8f7e52bcb0a1e2f25b02910ae1861760b6
Formbook
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/231005-jcc9dsbc47/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
54c2d6b2b69d3f358efa17b82e6f1e3a0c30418491d568fc68da6bacf9e10328
MD5 hash:
831696d6960a189eb4ed6bcdfeca346d
SHA1 hash:
257e8400d53ade3d12a35f946f008183a96fd8ee
Link:
https://www.unpac.me/results/6ca15081-f865-44b7-ac12-243e329040fe/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/54c2d6b2b69d3f358efa17b82e6f1e3a0c30418491d568fc68da6bacf9e10328

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments