MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 accfdbd1af174d1134015daa4bc39ee1b5c8b88df4ecee8ea0c9cda660bb18c7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: accfdbd1af174d1134015daa4bc39ee1b5c8b88df4ecee8ea0c9cda660bb18c7
SHA3-384 hash: 7eeb8c5fe686d980b0029b2a693b80be4ccc06927c9b205cb7acfa21d7d808bedbd8b90bfea67f9e3abe902a17952896
SHA1 hash: c7bb0ab5ab8e6b1150297189ab44de53e50000ba
MD5 hash: 7ce4dcb70294d698e6c249a343af036a
humanhash: mississippi-double-december-apart
File name:DHL Shipment Arrival Notification.exe
Download: download sample
Signature FormBook
Create hunting rule
File size:102'400 bytes
First seen:2020-04-06 14:51:45 UTC
Last seen:2020-04-06 15:36:28 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 86a5f883c897db9a77d9cee88a47a765 (1 x FormBook)
ssdeep 768:LGIYTtIrUpZuh1CXhhssU6vQR1zgxZikayHktgaHvRaIaCx:xEariuh1CxgsO3ynaH5pa4
Threatray 503 similar samples on MalwareBazaar
TLSH D1A3F616BA90FE50D4004FB29A76CBFC4125BC30AD46AA07BAC47F3E3D35191B562B4B
Reporter James_inthe_box
Tags:exe FormBook

Intelligence

File Origin
# of uploads :
2
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Noon-7650548-0
Create hunting rule

Win.Packed.Noon-7650558-0
Create hunting rule

Win.Malware.Generic-7650850-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Guloader
Create hunting rule
Status:
Malicious
First seen:
2020-04-06 14:32:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vth5xunpc5grcnablwvexq464g24roen6two5dvazhg2myf3dddq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
48ce0e9cc96cb8d9ebe92bd7c1982e84d48baffdbada44d5949370a58ebae901
FormBook
4cd679aa5f3ccf47e45a2600bbaedbbacb5e606035656b03172aed4aebe9973a
FormBook
5fd6f004c24217164873575373719fda7d893c3e8fa55ad39d2398f97db177af
FormBook
7f61824ebc70fa72968793c86c3d77f55bb50c1f41913b88b42c8622ebdb61e7
FormBook
844a12cfd459a87c3783fa13b53002be8b8de89e492a0e597abc71643c633546
FormBook
b6815b7c6bd39d114da295e839d472997b073db3d57429aadad20bb73c7b47c2
FormBook
c7552fe5ed044011aa09aebd5769b2b9f3df0faa8adaab42ef3bfff35f5190aa
FormBook
ccecd35324620e2e68fd758f23744c9de8471349f42004772ea87e815baca412
FormBook
d49a14c31e950371f37177e61bcdf98a393f4b081f4ddbc0bb7f93da2adba453
FormBook
f99d2e4c587a0877ab81b4923b1a497afa893e9c9168a1da10c22435c3af2e97
FormBook
+ 493 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

FormBook

Executable exe accfdbd1af174d1134015daa4bc39ee1b5c8b88df4ecee8ea0c9cda660bb18c7

(this sample)

FormBook

Executable exe bf58aecacc268c49d707512236a42c80cf096b24850c3096eb056f662ecbe2e3

  
Delivery method
Other
  
Dropping
SHA256 bf58aecacc268c49d707512236a42c80cf096b24850c3096eb056f662ecbe2e3
  
Dropping
MD5 021ea72e6f173e2b227ef086759535be

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaLateMemCallLd
MSVBVM60.DLL::__vbaErrorOverflow

Comments