MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 65cd6807556189c85811f11fb91a981749e7d9760e5a72c0845dd6b8ff93a8f9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Intelligence 1 File information 3 Yara Comments

SHA256 hash: 65cd6807556189c85811f11fb91a981749e7d9760e5a72c0845dd6b8ff93a8f9
SHA1 hash: c23ebfec4a59e85985dabe251390a195ce3d43ca
MD5 hash: 52b9520f67483c03673b18e500cdb728
File name:PO C10090.exe
Download: download sample
Signature FormBook
File size:316'416 bytes
First seen:2020-05-23 11:18:36 UTC
Last seen:2020-05-23 11:46:36 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep 6144:/F4qHsOJTG6epgfH6mxY3pRvqtjhxz3I92lYsgNKtLXxjr:/F4q4PCBO3pRSHxjIYl6Sj1r
TLSH 8E64E20AA2C863EED02C877D2CA0341217737E56355AEF194E5672DE66367C20631FAF
Reporter @abuse_ch
Tags:exe FormBook

Malspam distributing FormBook:

Sending IP:
From: Nicholas Akuku <>
Subject: PO
Attachment: PO (contains "PO C10090.exe")


Mail intelligence
Trap location Impact
DE Germany Low
Global Low
# of uploads 2
# of downloads 23
Origin country FR FR
VirusTotal:Virustotal results 18.06%
ReversingLabs :No data

File information

The table below shows additional information about this malware sample such as delivery method and external references.



Executable exe 65cd6807556189c85811f11fb91a981749e7d9760e5a72c0845dd6b8ff93a8f9

(this sample)

Delivery method
Distributed via e-mail attachment