MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d851f10c14fdd10ee13710f52922f04a669f6ab27fcd35e62c78ad0a3d2dfc7c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 17


Intelligence 17 IOCs YARA 10 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d851f10c14fdd10ee13710f52922f04a669f6ab27fcd35e62c78ad0a3d2dfc7c
SHA3-384 hash: 7e8fdb98e4dd2e3216861f707e66d9b5d2eb3343f82aa02a4fa05df8a8a47123c6636db18fa2703be69f375a4081aa71
SHA1 hash: 883fb5b9a87dcf2bf21cfacabc075f95783103f7
MD5 hash: 959e443848e6fa84e68bdbc8dcd245ff
humanhash: fanta-mango-equal-india
File name:z61CurriculumVitae-SilvinaGarcia.exe
Download: download sample
Signature Formbook
Create hunting rule
File size:1'260'032 bytes
First seen:2025-09-22 14:00:08 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 1895460fffad9475fda0c84755ecfee1 (309 x Formbook, 52 x AgentTesla, 36 x SnakeKeylogger)
ssdeep 24576:L5EmXFtKaL4/oFe5T9yyXYfP1ijXdaDvazyXHwHV8Zl9M:LPVt/LZeJbInQRaDvIh
Threatray 1'363 similar samples on MalwareBazaar
TLSH T18A45BF027381C062FFAB95334F5AF6115BBC79260123A62F13981DB9BE705B1563E7A3
TrID 40.3% (.EXE) Win64 Executable (generic) (10522/11/4)
19.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
17.2% (.EXE) Win32 Executable (generic) (4504/4/1)
7.7% (.EXE) OS/2 Executable (generic) (2029/13)
7.6% (.EXE) Generic Win/DOS Executable (2002/3)
Magika pebin
Reporter FXOLabs
Tags:exe FormBook

Intelligence

File Origin
# of uploads :
1
# of downloads :
139
Origin country :
BR BR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
z61CurriculumVitae-SilvinaGarcia.exe
Verdict:
No threats detected
Analysis date:
2025-09-22 14:02:32 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/2415ba01-9a3f-44df-bbc0-e6a8d4e228a8

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/28567/
Detection(s):
SecuriteInfo.com.Win32.Trojan.Agent.35E5V6.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
90.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68d1569b72187e372c386320
Tags:
autoit emotet
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the %temp% directory
Launching a process
Сreating synchronization primitives
Unauthorized injection to a system process
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
adaptive-context anti-debug autoit cmd compiled-script evasive explorer extrac32 fingerprint fingerprint keylogger lolbin microsoft_visual_cc packed regedit schtasks wmic
Link:
https://www.filescan.io/uploads/68d1569a73af424b47ea47b8/reports/49aecb91-1040-4b2d-a3dd-6d34cd0650cb/overview
Verdict:
Malicious
Labled as:
Trojan.BAT.Agent.gen
Link:
https://www.hybrid-analysis.com/sample/d851f10c14fdd10ee13710f52922f04a669f6ab27fcd35e62c78ad0a3d2dfc7c
Verdict:
Malicious
File Type:
exe x32
First seen:
2025-09-22T10:52:00Z UTC
Last seen:
2025-09-22T10:52:00Z UTC
Hits:
~100
Link:
https://opentip.kaspersky.com/d851f10c14fdd10ee13710f52922f04a669f6ab27fcd35e62c78ad0a3d2dfc7c/results?tab=lookup
Malware family:
Formbook
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/5bfa931f-8313-4d70-85aa-9f7a6465e72d
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/d851f10c14fdd10ee13710f52922f04a669f6ab27fcd35e62c78ad0a3d2dfc7c
Verdict:
Malware
YARA:
7 match(es)
Tags:
AutoIt Decompiled Executable PDB Path PE (Portable Executable) PE File Layout Suspect Win 32 Exe x86
Link:
https://app.malva.re/file/959e443848e6fa84e68bdbc8dcd245ff
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d851f10c14fdd10ee13710f52922f04a669f6ab27fcd35e62c78ad0a3d2dfc7c/
Threat name:
Win32.Trojan.AutoitInject
Create hunting rule
Status:
Malicious
First seen:
2025-09-22 13:48:23 UTC
File Type:
PE (Exe)
Extracted files:
28
AV detection:
27 of 38 (71.05%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3bi7cdau7xiq5yjxcd2ssixqjjtj62vsp7gtlzrmpcwqupjn7r6a._file
Verdict:
malicious
Label(s):
formbook
Create hunting rule
Similar samples:
0002a2f7d00d1d6c5289a0c6915c6a761145586b191c03d6ae9320ac487c9ed3
Formbook
0faf94a24b00a7dca3cb0e26b29b0c3f72f66e2f968d997ad45e74620efeb11b
Formbook
15923a9fc38c609142edebb4ff10369d18d53b82986c41b7d98c5037c191db06
Formbook
336b45d6525d7f84650bedc820b46047a465bb14c2e6f7829a45be9436b363d6
Formbook
3646eadbf8a4b451c80fc5e3d74a4fbdcb8d2633933cdf3ba038533e56c98e9d
Formbook
5e890ef07e56cfc57a9468b04703a19455b181addb219eb5ed6d2e064b9ca8e9
Formbook
7fb51ecddea989bbc4c71fb744b95e9045e64c7a534d661d972c048a40050bb7
Formbook
92465a1c7629bb10ce9f67b667871537887a281b66a90dd4d481612111d3dd63
Formbook
b486ec0314eabf1bd79a42201829893561d949978e264bcaec545ba7f1b25f10
Formbook
e33e0044cb8cab8031d12c9e4cd922d81efeb5276dd5898ee2ef8b9cbdf28ddd
Formbook
error
Formbook
+ 1'353 additional samples on MalwareBazaar
Result
Malware family:
formbook
Create hunting rule
Score:
  10/10
Tags:
family:formbook discovery rat spyware stealer trojan
Link:
https://tria.ge/reports/250922-rbfl5adm8z/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
AutoIT Executable
Suspicious use of SetThreadContext
Formbook payload
Formbook
Formbook family
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/5914bb9f-4552-428b-946e-4fed5fe44958
Unpacked files
SH256 hash:
d851f10c14fdd10ee13710f52922f04a669f6ab27fcd35e62c78ad0a3d2dfc7c
MD5 hash:
959e443848e6fa84e68bdbc8dcd245ff
SHA1 hash:
883fb5b9a87dcf2bf21cfacabc075f95783103f7
Link:
https://www.unpac.me/results/0b52b6dc-7333-46a8-b15c-b150c9077e82/
SH256 hash:
f7af09c8cd9ba7837ea58aed356668ca2afb3ccf0703e4f138f0fd5237bc1c7f
MD5 hash:
f18f4f1d9319df0a308e9ec77ab711d6
SHA1 hash:
dcec33a58bfc91a917f55f6957bad4c85264a501
Link:
https://www.unpac.me/results/0b52b6dc-7333-46a8-b15c-b150c9077e82/
SH256 hash:
7aa788e89c933053f9573ec351596a4bbdc33078fc30cb7417893208fdb610a4
MD5 hash:
25073a8890705437f81748860d4eecfa
SHA1 hash:
ebdb8bf8ffadaa8ed26f4258b89b1f024c034f9e
Detections:
win_formbook_g0
Create hunting rule
Link:
https://www.unpac.me/results/0b52b6dc-7333-46a8-b15c-b150c9077e82/
Parent samples :
d851f10c14fdd10ee13710f52922f04a669f6ab27fcd35e62c78ad0a3d2dfc7c
4cff3833a6be883d48baa6d083f723aafab1b015a75b592808a02d1d82e0e1fa
e5da179849ee760128e70e7b1c34f95131a3c5247a0fbcb00bb4b76206819be0
63957e1ad8fe83595ab9a3a5e7de1715d0e926b2609f8142d7495792b656ac35
8967837eab9afe73b438a53a780e5258567de638ccb4bf8685f6a3551f67d60f
156b7ee585680c1edc643949e4311faf439c5be77a13ec2d2303e7a3115f1efc
Malware family:
FormBook
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/d851f10c14fd/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:AutoIT_Compiled
Create hunting rule
Author:@bartblaze
Description:Identifies compiled AutoIT script (as EXE). This rule by itself does NOT necessarily mean the detected file is malicious.
Rule name:CP_AllMal_Detector
Create hunting rule
Author:DiegoAnalytics
Description:CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication
Rule name:CP_Script_Inject_Detector
Create hunting rule
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:pe_detect_tls_callbacks
Create hunting rule
Rule name:pe_no_import_table
Create hunting rule
Description:Detect pe file that no import table
Rule name:shellcode
Create hunting rule
Author:nex
Description:Matched shellcode byte patterns
Rule name:TH_Generic_MassHunt_Win_Malware_2025_CYFARE
Create hunting rule
Author:CYFARE
Description:Generic Windows malware mass-hunt rule - 2025
Reference:https://cyfare.net/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

Executable exe d851f10c14fdd10ee13710f52922f04a669f6ab27fcd35e62c78ad0a3d2dfc7c

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/28567/

Comments