MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e3a2d9d8eef268fafbeaeaf36b05c94ce9a4cf725c77dcf49d8c42d0fe012014. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	e3a2d9d8eef268fafbeaeaf36b05c94ce9a4cf725c77dcf49d8c42d0fe012014
SHA3-384 hash:	89be49f3b7ff91ced04fab83947742f722d1780f1f922aeda6594c7e8b01b435c210d4961e642b12312717befb48de8c
SHA1 hash:	077ab110dd53eefdc25b7c6886765f53c55b266d
MD5 hash:	d42cb82f651b95a04c829c711cb57ae5
humanhash:	solar-twenty-whiskey-fix
File name:	e3a2d9d8eef268fafbeaeaf36b05c94ce9a4cf725c77dcf49d8c42d0fe012014
Download:	download sample
Signature	Formbook Create hunting rule
File size:	843'776 bytes
First seen:	2020-03-23 16:25:56 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	811e03b8e99f6cc2c5f7e56e00c90fde (1 x Formbook)
ssdeep	12288:njxSGGGGGjMbrbuCtYGcGpfEbasc+FLcHNBbrpyZG7TcUCFoaqufps6zlu:nFMzZtYGcGdEb9c+d2brpW+crF+uS6
Threatray	4'847 similar samples on MalwareBazaar
TLSH	C0058D1E73E08346C1A2C975534ED53EA3C8B82F926974CB2D4C318F6B79D06625EC7A
Reporter	Marco_Ramilli
Tags:	exe FormBook

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.DownLoader27.33475.7038.29231.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Injector

Status:

Malicious

First seen:

2019-02-20 21:18:31 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

25 of 30 (83.33%)

Threat level:

5/5

Verdict:

malicious

Label(s):

netwirerc

Formbook

223bbe1af0d09289a1ebeddf78e3218fcae28d0a69c291d66fee5fa29337844a

Formbook

2548272de2d930f99b953bf466d49d5f850f4f9105ff420937edfa9ae70aff7d

Formbook

32b9acce63789d2b83866bca1e45f827835ce2f8c2c61fe79d809c441153058d

Formbook

6cfae9fac2b59c2520f8911a66bd16899886170ff2a5f17f40161ac47f66b0ff

Formbook

7f6459ace4d6259e61c8170563af8a30f25568457902f4f717c8ad17574efab6

Formbook

9fba6ffeb90dd242748718d8272a4942496e76a4f68bdb4dd42f93b044b5ed50

Formbook

c4e474e869076cbf955d57568015fe56732e0b3af1592f03e023063ac2875030

Formbook

e30934706120cb94fa1b52ff9d64ae43a3ea73b51efeaf50a936a982a9a7d5e2

Formbook

f38d170b1da421aa60e778a64fec953d3058336f7cb06568ba7926495fe87f0c

Formbook

+ 4'837 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Formbook

exe e3a2d9d8eef268fafbeaeaf36b05c94ce9a4cf725c77dcf49d8c42d0fe012014

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/140896/

URLhaus

https://urlhaus.abuse.ch/url/140903/

URLhaus

https://urlhaus.abuse.ch/url/140910/

URLhaus

https://urlhaus.abuse.ch/url/140917/

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
VB_API	Legacy Visual Basic API used	MSVBVM60.DLL::__vbaSetSystemError MSVBVM60.DLL::__vbaExitProc MSVBVM60.DLL::EVENT_SINK_AddRef MSVBVM60.DLL::__vbaFileOpen

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample