MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 608f0e64c91d168bd7bae669335b4539cb8018772e948fb7ae36e8a95fd19604. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
FormBook
Vendor detections: 4
| SHA256 hash: | 608f0e64c91d168bd7bae669335b4539cb8018772e948fb7ae36e8a95fd19604 |
|---|---|
| SHA3-384 hash: | d8f239b855e19f7a0f4e32dfe1145400893c681e59bf506db665cefa4a5357715f94ca80093129cf553c241a18d38ec5 |
| SHA1 hash: | b4aa37c3d9ef35fb9067800d98238732b5034e0e |
| MD5 hash: | c800d5ce63add90dc88ac94e1741a217 |
| humanhash: | social-winner-oranges-sierra |
| File name: | 0001.exe |
| Signature | FormBook |
| File size: | 644'904 bytes |
| First seen: | 2020-04-28 19:50:26 UTC |
| Last seen: | Never |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash | 7995e54627ac1ad6ac5c8088a17d235a (3 x FormBook) |
| ssdeep | 12288:bc7xl2ME00zMMCIM8joPfTTGlxguQM3evEElE35PMyjz/vQkTOUACNBv9OCcHA53:b0DPTaMMFMkoPfTgqjfG3p10UACpwA53 |
| Threatray | 5'103 similar samples on MalwareBazaar |
| TLSH | 34D40263126A7142D6FF24B14A8087071B55F9E1CDD22931AAD3A50CDB36D83BBF0B5E |
| Reporter | |
| Tags: | exe FormBook |
Code Signing Certificate
| Organisation: | VeriSign Time Stamping Services CA |
|---|---|
| Issuer: | Thawte Timestamping CA |
| Algorithm: | sha1WithRSAEncryption |
| Valid from: | Dec 4 00:00:00 2003 GMT |
| Valid to: | Dec 3 23:59:59 2013 GMT |
| Serial number: | 47BF1995DF8D524643F7DB6D480D31A4 |
| Intelligence: | 14 malware samples on MalwareBazaar are signed with this code signing certificate |
| Thumbprint Algorithm: | SHA256 |
| Thumbprint: | 1C1983300C10FB262C0B2304B7BE15AABA10AE356EBBBB177583DC44774EB080 |
| Source: | This information was brought to you by ReversingLabs A1000 Malware Analysis Platform |
Intelligence
File Origin
| # of uploads: | 1 |
|---|---|
| # of downloads: | 90 |
| Origin country: | n/a |
Vendor Threat Intelligence
| Detection(s): | Gathering data |
|---|---|
| Threat name: | Win32.Trojan.Noon |
| Status: | Malicious |
| First seen: | 2020-04-28 01:19:24 UTC |
| File Type: | PE (Exe) |
| Extracted files: | 21 |
| AV detection: | 22 of 31 (70.97%) |
| Threat level: | 2/5 |
| Detection(s): | Malicious file |
| Verdict: | malicious |
| Similar samples: | + 5'093 additional samples on MalwareBazaar |
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
| Malspam | Delivery method | Distributed via e-mail attachment |
|---|---|---|
BLint
The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.
Findings
| ID | Title | Severity |
|---|---|---|
| CHECK_AUTHENTICODE | Missing Authenticode | high |
| CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high |
Reviews
| ID | Capabilities | Evidence |
|---|---|---|
| WIN_BASE_API | Uses Win Base API | MSVCR110.dll::__crtTerminateProcess |
| WIN_USER_API | Performs GUI Actions | USER32.dll::CreateWindowExW |