MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e07306dec4ab4785340a35fce37bd7e076847ab56ec93af88bb262535f142864. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 17


Intelligence 17 IOCs YARA 9 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e07306dec4ab4785340a35fce37bd7e076847ab56ec93af88bb262535f142864
SHA3-384 hash: 1077ccbe0a5c13ec7ffba44fcd27eb1603a8fe79ce4652b0959be6277a1ae29d5ef0dafacffea131990aa5c5955eb302
SHA1 hash: d9ca8432a3d962cbe4c60301d21256bc893beded
MD5 hash: 2e42e3c642feb6c526968df365b30a83
humanhash: undress-hamper-hamper-avocado
File name:e07306dec4ab4785340a35fce37bd7e076847ab56ec93af88bb262535f142864
Download: download sample
Signature Formbook
Create hunting rule
File size:1'252'864 bytes
First seen:2025-10-09 14:14:18 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 1895460fffad9475fda0c84755ecfee1 (305 x Formbook, 52 x AgentTesla, 36 x SnakeKeylogger)
ssdeep 24576:b5EmXFtKaL4/oFe5T9yyXYfP1ijXdaG+SY8EV0OMhCV8w3D:bPVt/LZeJbInQRaG+S4VwhCV8
TLSH T1C545BF027391C062FFAB91734B5AF6215BBC79260123E62F13981D7ABD701B1563E7A3
TrID 40.3% (.EXE) Win64 Executable (generic) (10522/11/4)
19.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
17.2% (.EXE) Win32 Executable (generic) (4504/4/1)
7.7% (.EXE) OS/2 Executable (generic) (2029/13)
7.6% (.EXE) Generic Win/DOS Executable (2002/3)
Magika pebin
Reporter adrian__luca
Tags:exe FormBook

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
HU HU
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
1718be7bdbf579bee2521f582b7382a7b4fde9b3b6863c44432f121dfbebf6d8.zip
Verdict:
Suspicious activity
Analysis date:
2025-10-09 14:30:29 UTC
Tags:
arch-exec
Link:
https://app.any.run/tasks/87f5e237-98b3-4d48-b008-bc6ac458929c

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/31409/
Detection(s):
SecuriteInfo.com.Win32.Trojan.Agent.35E5V6.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
99.1%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68e7c3e9277c2bd8bc5e61a7
Tags:
autoit emotet
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the %temp% directory
Launching a process
Sending a custom TCP request
Сreating synchronization primitives
Unauthorized injection to a system process
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
adaptive-context anti-debug anti-vm anti-vm autoit cmd cmdkey compiled-script evasive fingerprint keylogger lolbin microsoft_visual_cc packed wmic
Link:
https://www.filescan.io/uploads/68e7c90fd4a0085473c59090/reports/e1c25fef-4882-4559-8538-af1c026c38d9/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/e07306dec4ab4785340a35fce37bd7e076847ab56ec93af88bb262535f142864
Verdict:
Malicious
File Type:
exe x32
First seen:
2025-09-17T21:24:00Z UTC
Last seen:
2025-10-10T05:00:00Z UTC
Hits:
~1000
Detections:
PDM:Trojan.Win32.Generic Trojan-Spy.Win32.Noon.sb Trojan.Win32.Strab.sb Trojan.Win32.Inject.sb HEUR:Trojan.Script.AUO.gen
Link:
https://opentip.kaspersky.com/e07306dec4ab4785340a35fce37bd7e076847ab56ec93af88bb262535f142864/results?tab=lookup
Malware family:
Formbook
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/b96b7c14-cebe-4884-919d-11e56f31f205
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/e07306dec4ab4785340a35fce37bd7e076847ab56ec93af88bb262535f142864
Verdict:
Malware
YARA:
7 match(es)
Tags:
AutoIt Decompiled Executable PDB Path PE (Portable Executable) PE File Layout Suspect Win 32 Exe x86
Link:
https://app.malva.re/file/2e42e3c642feb6c526968df365b30a83
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e07306dec4ab4785340a35fce37bd7e076847ab56ec93af88bb262535f142864/
Threat name:
Win32.Trojan.AutoitInject
Create hunting rule
Status:
Malicious
First seen:
2025-09-18 01:17:12 UTC
File Type:
PE (Exe)
Extracted files:
28
AV detection:
29 of 36 (80.56%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=4bzqnxwevndyknakgx6og66x4b3ii6vvn3etv6elwjrfgxyufbsa._file
Verdict:
malicious
Label(s):
formbook
Create hunting rule
Similar samples:
error
Formbook
Result
Malware family:
formbook
Create hunting rule
Score:
  10/10
Tags:
family:formbook discovery rat spyware stealer trojan
Link:
https://tria.ge/reports/251009-rzxwbazms4/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Program crash
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Formbook payload
Formbook
Formbook family
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/6448d47d-5bf5-45f1-b969-8bfee42040a9
Unpacked files
SH256 hash:
e07306dec4ab4785340a35fce37bd7e076847ab56ec93af88bb262535f142864
MD5 hash:
2e42e3c642feb6c526968df365b30a83
SHA1 hash:
d9ca8432a3d962cbe4c60301d21256bc893beded
Link:
https://www.unpac.me/results/d9dab6d7-6f92-4c70-8b11-14cd41f70922/
SH256 hash:
816700833f8c8419dcc26adb2af8ec796dd97a0a8a8bd2abd3daac08a994015d
MD5 hash:
91defa86965272949fcb23d717df9a5b
SHA1 hash:
76a1aa3052e25717f1fd64223c5ad147ea1a60d1
Link:
https://www.unpac.me/results/d9dab6d7-6f92-4c70-8b11-14cd41f70922/
SH256 hash:
9654a25759de3f351e6b49bf69408e2beb150c48a276cb3f49d62dde7c19a492
MD5 hash:
11e1b0343f56eaf3d89ad3ced58db651
SHA1 hash:
e13f8b86a316de31c0acf8ece21461c78b22e1d1
Detections:
win_formbook_g0
Create hunting rule
Link:
https://www.unpac.me/results/d9dab6d7-6f92-4c70-8b11-14cd41f70922/
Parent samples :
e07306dec4ab4785340a35fce37bd7e076847ab56ec93af88bb262535f142864
7e94122a9c483446f957eea2d13bc3088657c59e691372a954fae675145dc3b9
eafdc30470671cb53e44062d908e89ad6cc7e346da0aa0e40f6b942edd8dc0a0
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:AutoIT_Compiled
Create hunting rule
Author:@bartblaze
Description:Identifies compiled AutoIT script (as EXE). This rule by itself does NOT necessarily mean the detected file is malicious.
Rule name:CP_AllMal_Detector
Create hunting rule
Author:DiegoAnalytics
Description:CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication
Rule name:CP_Script_Inject_Detector
Create hunting rule
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:pe_detect_tls_callbacks
Create hunting rule
Rule name:pe_no_import_table
Create hunting rule
Description:Detect pe file that no import table
Rule name:shellcode
Create hunting rule
Author:nex
Description:Matched shellcode byte patterns
Rule name:TH_Generic_MassHunt_Win_Malware_2025_CYFARE
Create hunting rule
Author:CYFARE
Description:Generic Windows malware mass-hunt rule - 2025
Reference:https://cyfare.net/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/31409/

Comments