MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 937284137c84e1a192926206db0102c93764420508b2ff6bb6ab609cb7b55f9f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FormBook

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	937284137c84e1a192926206db0102c93764420508b2ff6bb6ab609cb7b55f9f
SHA3-384 hash:	7de33cc511cb2f32f2f14a3becb8c0e5351b65ca31e8bc44c13f804cac2b56fbcf4e423330d4649987e5fc00053c6af4
SHA1 hash:	c30926ad45faa3720ab4e985fbb6f4c7df45f034
MD5 hash:	2b1953de1b1a6842cce9276b384bce27
humanhash:	solar-lake-edward-cat
File name:	New order SUGGESTED ETA APRIL PO001919123.exe
Download:	download sample
Signature	FormBook Create hunting rule
File size:	77'824 bytes
First seen:	2020-03-20 15:57:34 UTC
Last seen:	2020-03-20 17:57:49 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	0c70617836237b3328ef1cd46705e0bc (1 x FormBook)
ssdeep	768:8Vwka4WwrPikgFaaXXmxTar77fr6TMTkUGzMQyOu+mypT9gjFCkFQXTcJh8:iXvrzOa4XmtY2TDzMQCcQIkFs6K
Threatray	4'833 similar samples on MalwareBazaar
TLSH	0C737D47F610F926C959C73DEC4BF591311BBC292981EA8B36947B0F6CF00A18E5DB28
Reporter	cocaman
Tags:	COVID-19 exe FormBook

Intelligence

File Origin

# of uploads :

# of downloads :

125

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.42870393.18022.22.UNOFFICIAL

Win.Trojan.Vebzenpak-7639767-0

Win.Trojan.Vebzenpak-7640209-0

Win.Trojan.Vebzenpak-7699953-0

Gathering data

Threat name:

Win32.Trojan.Injector

Status:

Malicious

First seen:

2020-03-21 03:00:32 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

28 of 31 (90.32%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=snziie34qtq2deusmidnwaicze3wiqqfbczp625wvnqjzn5vl6pq._file

Verdict:

malicious

Label(s):

guloader

FormBook

17ccd5b98d29f09cde5b49fee52602ac5e95c462c68f09c5f07d12d8a8cd8e0f

FormBook

5628310c6fe718d77dadbc5c8cb6238faa27942517b590c2a87c07aadca429d6

FormBook

65d993ca9f1fffaa634838468d8f9401f7f2812aa75065e9805447db5b667720

FormBook

70d577aba943b783ec606abcfa912bf97c9fd4f22d5e46ff1d718d350a8e4fcc

FormBook

96ffe97ffd555e8f1329ba24b40cba5320d5bc1ef51fb0155b9dea55bf842487

FormBook

aeeabfa8e9e939e37ea0207919fdc7451ab015e81e5b908dc6d50e8ab9bdf7eb

FormBook

c46bc8f7f6334e0ac2957de6b03b6a04bca97a5604c90ecbfd755a7b7fdeed59

FormBook

d1e9ede488849faab5eb3e767704a4644cc79e6eaac8fe996d90fa164e68f620

FormBook

f38d170b1da421aa60e778a64fec953d3058336f7cb06568ba7926495fe87f0c

FormBook

+ 4'823 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/937284137c84e1a192926206db0102c93764420508b2ff6bb6ab609cb7b55f9f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar 347de6bb7d62049399af0bacef77fed4bfcfdd279eec2d2f548bcdc667521584

FormBook

exe 937284137c84e1a192926206db0102c93764420508b2ff6bb6ab609cb7b55f9f

(this sample)

Delivery method

Other

Dropped by

SHA256 347de6bb7d62049399af0bacef77fed4bfcfdd279eec2d2f548bcdc667521584

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
VB_API	Legacy Visual Basic API used	MSVBVM60.DLL::EVENT_SINK_AddRef

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample