MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 82e88aee6d885cc8fae05704f51ff929dec75169571981b383292566268aa885. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 16


Intelligence 16 IOCs YARA 8 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 82e88aee6d885cc8fae05704f51ff929dec75169571981b383292566268aa885
SHA3-384 hash: b1e9ee9d037ee2e09ea632e2c73264263f7d99b27b8e71682b095eaf59fed99d4f5c78d0d814b5b663210a0835011893
SHA1 hash: 54590c0fb5734e3e0f3b9660a275a0dfda01f5f2
MD5 hash: 65ffc3e19e7e8a09abd5f7b1b3141be0
humanhash: magazine-kitten-high-item
File name:82e88aee6d885cc8fae05704f51ff929dec75169571981b383292566268aa885
Download: download sample
Signature Formbook
Create hunting rule
File size:781'312 bytes
First seen:2025-09-19 09:49:01 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'658 x AgentTesla, 19'469 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 12288:rN833CJ6LwllwnoCpYdcNUUn+sMFcsCV3Ae7xKHRobCt/7PR5aq71tAjcG+:pyXw/woOz+jcsCdAe74xk6/7Z5H1e5+
Threatray 1'536 similar samples on MalwareBazaar
TLSH T115F401241219DD06D4AA8F7419B2DAB41BB9AF89F421E3038FD6BDEFB8357A41D50342
TrID 71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.2% (.EXE) Win64 Executable (generic) (10522/11/4)
6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.3% (.EXE) Win32 Executable (generic) (4504/4/1)
2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Magika pebin
Reporter JAMESWT_WT
Tags:7130ce-vip exe FormBook

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
IT IT
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
82e88aee6d885cc8fae05704f51ff929dec75169571981b383292566268aa885.exe
Verdict:
Malicious activity
Analysis date:
2025-09-19 09:54:45 UTC
Tags:
auto-sch-xml
Link:
https://app.any.run/tasks/a1309e2f-8904-45a2-b84a-7ce5f8669bf8

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/28301/
Verdict:
Malicious
Score:
96.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68cd2738246a2631bd310465
Tags:
virus spawn msil
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a process with a hidden window
Creating a file in the %AppData% directory
Enabling the 'hidden' option for recently created files
Adding an access-denied ACE
Creating a file in the %temp% directory
Launching a process
Unauthorized injection to a recently created process
Restart of the analyzed sample
Creating a file
Adding an exclusion to Microsoft Defender
Enabling autorun by creating a file
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
obfuscated packed packed packer_detected vbnet
Link:
https://www.filescan.io/uploads/68cd27ae390649f7a5f37ea4/reports/81264272-afcb-45ea-9240-e78e23cbb35b/overview
Verdict:
Malicious
Labled as:
Genie.8DN.Generic
Link:
https://www.hybrid-analysis.com/sample/82e88aee6d885cc8fae05704f51ff929dec75169571981b383292566268aa885
Verdict:
Malicious
File Type:
exe x32
First seen:
2025-09-08T04:19:00Z UTC
Last seen:
2025-09-08T04:19:00Z UTC
Hits:
~1000
Detections:
Trojan-Spy.Noon.HTTP.ServerRequest PDM:Trojan.Win32.Generic Trojan.MSIL.Inject.sb Trojan.MSIL.Crypt.sb VHO:Backdoor.Win32.Agent.gen HEUR:Trojan.MSIL.Injector.gen Backdoor.Agent.HTTP.C&C HEUR:Trojan.MSIL.Taskun.sb HEUR:Trojan.MSIL.Taskun.gen
Link:
https://opentip.kaspersky.com/82e88aee6d885cc8fae05704f51ff929dec75169571981b383292566268aa885/results?tab=lookup
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/1a050db0-3eee-463d-a482-e8ee012ebb7f
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/82e88aee6d885cc8fae05704f51ff929dec75169571981b383292566268aa885
Verdict:
inconclusive
YARA:
10 match(es)
Tags:
.Net Executable Managed .NET PDB Path PE (Portable Executable) PE File Layout SOS: 0.25 Win 32 Exe x86
Link:
https://app.malva.re/file/65ffc3e19e7e8a09abd5f7b1b3141be0
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/82e88aee6d885cc8fae05704f51ff929dec75169571981b383292566268aa885/
Verdict:
Malicious
Threat:
Trojan.MSIL.Inject
Link:
https://tip.neiki.dev/file/82e88aee6d885cc8fae05704f51ff929dec75169571981b383292566268aa885
Threat name:
ByteCode-MSIL.Backdoor.FormBook
Create hunting rule
Status:
Malicious
First seen:
2025-09-08 10:48:48 UTC
File Type:
PE (.Net Exe)
Extracted files:
4
AV detection:
25 of 36 (69.44%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qluiv3tnrbomr6xak4cpkh7zfhpmouljk4mydm4dfeswmjukvccq._file
Verdict:
malicious
Label(s):
unc_loader_037
Create hunting rule
Similar samples:
14e165221ac2efc6f337be62526b4005255f27d8b465f29f1edf6176a3cdb03c
Formbook
65032d50c2a6525b8b9cc9636278a4228bbe65ed478c4cea87e40370b2954c1d
Formbook
6ef00fa27b22acfceb6239f2af7ca5ae8b8ed95949f596e126f856f881638b9f
Formbook
error
Formbook
f9747fb11a026f504d412d601427589ce1466bd9fe2dca5332ae19bf4cf1fbd0
Formbook
+ 1'526 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
discovery execution persistence
Link:
https://tria.ge/reports/250919-lvs4nsgq8x/
Behaviour
Scheduled Task/Job: Scheduled Task
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Checks computer location settings
Command and Scripting Interpreter: PowerShell
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/f52c1b46-010e-472b-8ac9-34a819abbcaf
Unpacked files
SH256 hash:
82e88aee6d885cc8fae05704f51ff929dec75169571981b383292566268aa885
MD5 hash:
65ffc3e19e7e8a09abd5f7b1b3141be0
SHA1 hash:
54590c0fb5734e3e0f3b9660a275a0dfda01f5f2
Link:
https://www.unpac.me/results/b5221ae5-db4e-4b59-b536-a14ab120c6d3/
SH256 hash:
bc0d71caf63aa01f8d476a8aabf87318e79e4c371b4b5c611c0106866330889f
MD5 hash:
c4839f03a8bfb8e9b397bfcbe21d74c6
SHA1 hash:
212c3d0d5b4c73164a3df1d5bf53606be18b84b4
Detections:
SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24
Create hunting rule
SUSP_OBF_NET_Reactor_Indicators_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/b5221ae5-db4e-4b59-b536-a14ab120c6d3/
SH256 hash:
8b200ebfc5111c0adbd04e9785736cedd849f947af558ca2168931cd5345fb31
MD5 hash:
095e768b76e9297db3da0804220e8230
SHA1 hash:
3110f7c2720013e11f816078819a2935f90e6f03
Link:
https://www.unpac.me/results/b5221ae5-db4e-4b59-b536-a14ab120c6d3/
SH256 hash:
7840c60c2bfc680ca2c5eb94c7bc65e23d0271f5988683a2c45cfbc7b7ac88c7
MD5 hash:
c80adf51504c80b0bf4a49fc3c2394b9
SHA1 hash:
df3e0df3db72e59ce267debba5173bf51acd7148
Link:
https://www.unpac.me/results/b5221ae5-db4e-4b59-b536-a14ab120c6d3/
SH256 hash:
508c10d57a5eb1c818e5867eb1207f0e9056a05f438df0671ae54fe8fdcca798
MD5 hash:
8855bedcad7b1a66aceef07657b8280a
SHA1 hash:
a3e12cf6eab32ff0f4d8b4e9bde0205fdd1caeaf
Link:
https://www.unpac.me/results/b5221ae5-db4e-4b59-b536-a14ab120c6d3/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/82e88aee6d885cc8fae05704f51ff929dec75169571981b383292566268aa885

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_AllMal_Detector
Create hunting rule
Author:DiegoAnalytics
Description:CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:pe_imphash
Create hunting rule
Rule name:pe_no_import_table
Create hunting rule
Description:Detect pe file that no import table
Rule name:shellcode
Create hunting rule
Author:nex
Description:Matched shellcode byte patterns
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/28301/

Comments