MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e57f25d5e621d74f5bf0ebfc736d97bf7bd78a7ab94ab900b8d7282343cf8e90. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e57f25d5e621d74f5bf0ebfc736d97bf7bd78a7ab94ab900b8d7282343cf8e90
SHA3-384 hash: 9baf92506bdbffb063dc4929445a266d2ddcdb9b39ea3e7df094771b0b35bc7e8f5c0c1082fc9d635f92f330de7a28a2
SHA1 hash: a805aff77d0ea5d95ae5752b29fecd101e390c0a
MD5 hash: 3840cbbfff4a5e88df14490ef1166623
humanhash: double-mike-black-winner
File name:Shipment Document BL,INV and Packing list Attached.exe
Download: download sample
Signature FormBook
Create hunting rule
File size:98'304 bytes
First seen:2020-04-07 05:17:14 UTC
Last seen:2020-04-07 05:41:30 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 2bc3de3dcf3a210ffbb26ec005fafe05 (1 x FormBook)
ssdeep 768:LsvkQZVxZtsJJBPrjK1fg62AYDToCF4kWPazDZRw3bZrW4tufk6n+:Y5VxZtsJJJjK1I62AYY9aXwrZr4w
Threatray 232 similar samples on MalwareBazaar
TLSH E0A3D616F961FDC1F4004E715D7A9FAC06E6BC349E006A87BAC43F6E3C381467A91B5A
Reporter jarumlus
Tags:FormBook GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Noon-7689714-0
Create hunting rule

Win.Downloader.Minix-7705442-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-07 05:36:32 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
30 of 47 (63.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=4v7slvpgehlu6w7q5p6hg3mxx555pct2xfflsafy24ucgq6pr2ia._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
10481c8ab9d363251e4d1aab4805df6d245621a5f10302fe5ed8cdd9f20bdc14
FormBook
1cd2e3b696656354859e0ffdb5bca866fadf42f59c9e2da1c228e0b52fa5f368
FormBook
2cd6fffb63a9a7e9c8b6709904d69954c4818e64dcf7e3bd95eea2a7ae28cd81
FormBook
35433f44f00f03bbc4edf627501a3c99eae9aa0bc6c366de8d60e097e53c72dc
FormBook
51f3a9f7ba793e867b3738a3f2707d11d3d839a099a70d6bb02c6b6aa68de4c8
FormBook
6d774b6ef4a21efee8a9116bfc18ab1a0a0609e058638a77566a29c9d98f7982
FormBook
a1ec16ea0d0f8133dfb05368d5137b6e49d90039dddabe9bb46b3bbc5278fc26
FormBook
aeb1bfcef382789091e72e2d6cae6e471123d0e8e7a5f39c64abf5a3d9a4eaa8
FormBook
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
FormBook
cfadd7df7cc82715d61fdab7c61ccda630542c6d4e860cfc87bebde2ad0e4cc1
FormBook
+ 222 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments