MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dc186623afc0375b9ebd176481a9f37268351cac07f2825b8221124ec7ac9edc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FormBook

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	dc186623afc0375b9ebd176481a9f37268351cac07f2825b8221124ec7ac9edc
SHA3-384 hash:	6a1d6d7d180fa3949015b0f778fdcd3cd62e3530e646ec981e80b6484e275f3aed669b67ec4f3504c2fb9af6837c58a7
SHA1 hash:	a65743cea90b734018986dcffcb931edf341e2c5
MD5 hash:	2d522b208b8ca1da1c8bf72a915b9c4c
humanhash:	mango-wolfram-september-summer
File name:	MT103.exe
Download:	download sample
Signature	FormBook Create hunting rule
File size:	704'512 bytes
First seen:	2020-04-30 07:32:34 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	3f570a7b336322629a2bf258308cf365 (1 x FormBook)
ssdeep	12288:6AFK4nWM2ajOHqbnDtSfcTAYbKwtZC5mBi4qItlwIFmnAf2BLM:6enWHajCqbkUsYmw/ymwbXBLM
Threatray	5'313 similar samples on MalwareBazaar
TLSH	30E4014BBA02E85BD21281B8635896EC63D97C7968356D63C2463B8A87FDFF1403057B
Reporter	jarumlus
Tags:	FormBook

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Malware.Fareitvb-7138372-0

Gathering data

Threat name:

Win32.Trojan.Fareitvb

Status:

Malicious

First seen:

2019-08-21 16:21:00 UTC

AV detection:

25 of 31 (80.65%)

Threat level:

5/5

Verdict:

malicious

FormBook

223bbe1af0d09289a1ebeddf78e3218fcae28d0a69c291d66fee5fa29337844a

FormBook

2bde030373678bb2df1223cd3e3c4e7f2992e30739dcc63b688368f02a100067

FormBook

30bbf2043054b92e495bbd55f67e43b8eafce430bf31d8aaa4899385e503cdbe

FormBook

4c7955fd946f9b823079ac10f83004c396d5b9877703b5ac2a073a52d8fcd376

FormBook

5628310c6fe718d77dadbc5c8cb6238faa27942517b590c2a87c07aadca429d6

FormBook

83968322ee41293c915a37779c384b39d1a0429303ed831291da984e7ff6877f

FormBook

d1e9ede488849faab5eb3e767704a4644cc79e6eaac8fe996d90fa164e68f620

FormBook

f182f38dad7fd5bd04289d647f2ada402fa66667653d3173d2963da1da29da01

FormBook

f38d170b1da421aa60e778a64fec953d3058336f7cb06568ba7926495fe87f0c

FormBook

+ 5'303 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
VB_API	Legacy Visual Basic API used	MSVBVM60.DLL::__vbaObjSetAddref MSVBVM60.DLL::EVENT_SINK_AddRef MSVBVM60.DLL::__vbaLateMemCallLd

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample