MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 79940efa2306d8d62d7ec4b8a30e708682e3fcd198896d508990df2546d6447c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 12


Intelligence 12 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 79940efa2306d8d62d7ec4b8a30e708682e3fcd198896d508990df2546d6447c
SHA3-384 hash: 07915e6460b7488271790545f1405f1921cca3748d9e1923c217a342102aa14774a2d0c68eae5fc1ad00dd063f453347
SHA1 hash: 74c2f159f4e73b0e0cf05d1ad631ff361a4e7a9a
MD5 hash: 197164fb0a7b96aaaca092760f3ec419
humanhash: delta-lactose-hydrogen-football
File name:197164fb0a7b96aaaca092760f3ec419.js
Download: download sample
Signature Formbook
Create hunting rule
File size:61'515 bytes
First seen:2026-03-14 19:13:48 UTC
Last seen:Never
File type:Java Script (JS) js
MIME type:text/plain
ssdeep 384:vOS11mX131GeBk/rxAnB/hN4f/DyBdl9JFWPjsaS0mOwVzL5:vTA6eYiuGzgw7h
Threatray 2'669 similar samples on MalwareBazaar
TLSH T12653EDF6E174CF8846B7BA705FCA286E34AFE41B42176F5D9DB124D9A9C250C2C047B8
Magika javascript
Reporter abuse_ch
Tags:FormBook js

Intelligence

File Origin
# of uploads :
1
# of downloads :
167
Origin country :
SE SE
Vendor Threat Intelligence
No detections
Detection(s):
SecuriteInfo.com.JS.Packed.165.19047.2984.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
94.1%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69b5b38588c80c01586a27df
Tags:
ransomware
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-vm fingerprint repaired
Link:
https://www.filescan.io/uploads/69b5b384367b6bc6ee7dcb33/reports/497af25b-4212-471f-9b03-e6737e5c9e7d/overview
Verdict:
Malicious
Labled as:
Trojan.Cryxos.JS
Link:
https://www.hybrid-analysis.com/sample/79940efa2306d8d62d7ec4b8a30e708682e3fcd198896d508990df2546d6447c
Verdict:
Malicious
File Type:
js
Detections:
Trojan-Downloader.PowerShell.NanoShield.sb Trojan.JS.SAgent.sb HEUR:Trojan.Script.Generic
Link:
https://opentip.kaspersky.com/79940efa2306d8d62d7ec4b8a30e708682e3fcd198896d508990df2546d6447c/results?tab=lookup
Result
Threat name:
n/a
Detection:
malicious
Classification:
troj.expl.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1883866
Signature
Connects to a pastebin service (likely for C&C)
Creates processes via WMI
Found suspicious powershell code related to unpacking or dynamic code loading
JavaScript source code contains functionality to generate code involving a shell, file or stream
Joe Sandbox ML detected suspicious sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: Base64 Encoded PowerShell Command Detected
Sigma detected: Net WebClient Casing Anomalies
Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
Sigma detected: Powershell Decrypt And Execute Base64 Data
Sigma detected: Suspicious PowerShell IEX Execution Patterns
Sigma detected: WScript or CScript Dropper
Suspicious execution chain found
Suspicious powershell command line found
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Wscript starts Powershell (via cmd or directly)
Yara detected Powershell decode and execute
Yara detected Powershell download and execute
Behaviour
Behavior Graph:
Download SVG
Score:
94%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/79940efa2306d8d62d7ec4b8a30e708682e3fcd198896d508990df2546d6447c
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/79940efa2306d8d62d7ec4b8a30e708682e3fcd198896d508990df2546d6447c/
Verdict:
Malicious
Threat:
Trojan-Downloader.PowerShell.NanoShield
Link:
https://tip.neiki.dev/file/79940efa2306d8d62d7ec4b8a30e708682e3fcd198896d508990df2546d6447c
Threat name:
Win32.Trojan.Egairtigado
Create hunting rule
Status:
Malicious
First seen:
2026-03-13 16:52:48 UTC
File Type:
Text (JavaScript)
AV detection:
7 of 24 (29.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=pgka56rda3mnmll6ys4kgdtqq2boh7grtcew2uejsdpskrwwir6a._file
Verdict:
malicious
Label(s):
formbook
Create hunting rule
Similar samples:
0c7d1ea42048170f7deeb59ccc1da5f8165c4a5594d2592e193c29d08ec527a1
Formbook
1bc5f2d3c8d9ff144f16a61e4019689ebd77097ca6ac91f86ad1184275d301d6
Formbook
4d2d2c6efbb042ae0af1b79c8cc52237998ec70df56afd418abbacc48d9d3395
Formbook
528eeaa729b13527924b13dc4dfd8264c93535ae8401d8d812c8a5f329dce2ce
Formbook
770165df1cb9509cd4a8b726d1132c0cbf0161d50ee2649fcd27bab024869a6f
Formbook
95f69328694f351bb21526bc7970646af26380f2be3a1008ce58311c12d11f54
Formbook
b10d58f2bc40e8bf540081d8464a823821dc93068c9390bafefa5bfd47cab896
Formbook
c506931fb1c4252abed4ab22d82f2ebc88e46f58dd83ddca62b03c5ea6d8dc1e
Formbook
dc266cd65df56ade7508b58528c42fde8f42f203c03fa28eecdcd4893a2f4448
Formbook
error
Formbook
f0a98a72b7b1c86ac4ce457e7978a46e8af53393e1007d2fe94306bb042388d1
Formbook
+ 2'659 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
execution
Link:
https://tria.ge/reports/260314-xxqxwaet8k/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Command and Scripting Interpreter: JavaScript
Suspicious use of SetThreadContext
Command and Scripting Interpreter: PowerShell
Badlisted process makes network request
Process spawned unexpected child process
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/79940efa2306d8d62d7ec4b8a30e708682e3fcd198896d508990df2546d6447c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments