MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9f53e0ba2145f3e5c599392f4420513df545be0f4a5034310eb149672d5c44e5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Intelligence 2 File information 3 Yara 3 Comments

SHA256 hash: 9f53e0ba2145f3e5c599392f4420513df545be0f4a5034310eb149672d5c44e5
SHA3-384 hash: ecf14f9504c90679ae8c65537341943b25ff92fa4fca3a5628d6a09afb3745c96ffa131e5920d2e49cdeaad3b7a31d8e
SHA1 hash: a06f5368a04d83e45b2a42ffefc0c90fbb1a8739
MD5 hash: a7d90dca0ef0e9ee58de4a29c51f1a5b
humanhash: two-fanta-california-failed
File name:Futuroso New Order Pdf.exe
Download: download sample
Signature FormBook
File size:312'832 bytes
First seen:2020-06-30 12:27:33 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep 6144:36K+eIxyas32CrvjAA3edWOvbEm2dgZKsARI+bGU:36K+eQcPrvU6OTEpiZxzpU
TLSH 4764F17423F94726D6BA83B931B150144FF2B8537162E32C6E5060CD2AB6B81CB72F63
Reporter @abuse_ch
Tags:exe FormBook

Malspam distributing FormBook:

Sending IP:
From: Mencho Marcos <>
Subject: ORDER :URGENT!!!
Attachment: Futuroso New Order Pdf.iso (contains "Futuroso New Order Pdf.exe")


Mail intelligence
Trap location Impact
Global Low
# of uploads 1
# of downloads 34
Origin country FR FR
CAPE Sandbox Detection:n/a
CERT.PL MWDB Detection:n/a
ReversingLabs :Status:Malicious
Threat name:ByteCode-MSIL.Trojan.Androm
First seen:2020-06-30 12:29:04 UTC
AV detection:22 of 31 (70.97%)
Threat level:   2/5
Spamhaus Hash Blocklist :Malicious file
Hatching Triage Score:   10/10
Malware Family:formbook
Tags:trojan spyware stealer family:formbook persistence
VirusTotal:Virustotal results 13.89%

Yara Signatures

Rule name:Formbook
Author:JPCERT/CC Incident Response Group
Description:detect Formbook in memory
Reference:internal research
Rule name:win_formbook_auto
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator
Rule name:win_formbook_g0
Author:Slavo Greminger, SWITCH-CERT

File information

The table below shows additional information about this malware sample such as delivery method and external references.



Executable exe 9f53e0ba2145f3e5c599392f4420513df545be0f4a5034310eb149672d5c44e5

(this sample)

Dropped by
MD5 ba0947c34f6c8c98a9f182aa3ca80772
Delivery method
Distributed via e-mail attachment