MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5de5ccecbd75439fa62e08fb2594c2e9ccff76bc064ae99469618d26d905a5f8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Intelligence 1 File information 3 Yara Comments

SHA256 hash: 5de5ccecbd75439fa62e08fb2594c2e9ccff76bc064ae99469618d26d905a5f8
SHA1 hash: 641cfa4a887c976cd89cd0c66eca995864561be5
MD5 hash: 4dc689ad3e0f57b7f041eaccac52a049
File name:1GHBSI.exe
Download: download sample
Signature Formbook
File size:421'376 bytes
First seen:2020-05-23 11:10:43 UTC
Last seen:2020-05-23 11:46:35 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep 6144:i2GhNutBkiPG/JBavm9ma8OX8o44wyPdSn7dZBKHyPINJc4JKTQeyfHKq:i2iNXP/umMHOX8tyPdYwHLlgTdyf
TLSH C594E08A8A34033CD81D1EF79AFA1604033A5F5A456ED66A3E7470992DF33431A863DF
Reporter @abuse_ch
Tags:exe FormBook Yahoo

Malspam distributing Formbook:

Sending IP:
From: sales Rine <>
Subject: : Fwd: Wire Transfer Payment
Attachment: 1GHBSI.rar (contains "1GHBSI.exe")


Mail intelligence
Trap location Impact
Global Low
# of uploads 2
# of downloads 27
Origin country FR FR
VirusTotal:Virustotal results 40.28%

File information

The table below shows additional information about this malware sample such as delivery method and external references.



Executable exe 5de5ccecbd75439fa62e08fb2594c2e9ccff76bc064ae99469618d26d905a5f8

(this sample)

Delivery method
Distributed via e-mail attachment