MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 e648242a45bb301624f021da66376b86fdb9ea6eab702574c5a1504a75655d15. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Formbook
Vendor detections: 4
| SHA256 hash: | e648242a45bb301624f021da66376b86fdb9ea6eab702574c5a1504a75655d15 |
|---|---|
| SHA3-384 hash: | 3e6f4a82877b5e8753a4ba64bad7e93ddc95661f442e0f5e9291b9bc4b5f8e4f66d1ed3f572da1e255de81281549a085 |
| SHA1 hash: | 3401a2f163bbf93c420cfff947112f45fb0942e2 |
| MD5 hash: | d1d0d491900da573e62d6330461773f6 |
| humanhash: | leopard-moon-florida-chicken |
| File name: | SOA.zip |
| Download: | download sample |
| Signature | Formbook |
| File size: | 599'115 bytes |
| First seen: | 2021-02-22 07:07:23 UTC |
| Last seen: | Never |
| File type: | zip |
| MIME type: | application/zip |
| ssdeep | 12288:XyGBwH6bH2npqWO9YZQ5oHyiPzjIp7AbEE4Ne/Wfk:XuH6bH2n1O6ZHHpzjIpvfs |
| TLSH | A8D423D7A2FD5024D66362DA38A5301DCE46F72B7F18C58ABEC83BD21B0686624917DC |
| Reporter |  fabjer |
| Tags: | zip |
Intelligence
File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name:
ByteCode-MSIL.Spyware.Noon
Status:
Malicious
First seen:
2021-02-22 04:32:55 UTC
AV detection:
6 of 47 (12.77%)
Threat level:
2/5
Detection(s):
Malicious file
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
exe Delivery method
Distributed via e-mail attachment
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.