MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fe467798339147792366428612398f3cf4a6673900a87a8e3e924656ecbba699. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fe467798339147792366428612398f3cf4a6673900a87a8e3e924656ecbba699
SHA3-384 hash: 2ad3be7bd061dfe891b2c6e9948935a5bb701af7c63b8e0977ceac09d539758bd7649bf2a7db57e3e3209c095aaebf4f
SHA1 hash: f77c57526bb4413c885feb79beb64d63b8af35ca
MD5 hash: 3350a71f73f0ac67f88113ede092ffac
humanhash: snake-bluebird-friend-steak
File name:albadrpower.com_akwudo__Offer.exe
Download: download sample
Signature Formbook
Create hunting rule
File size:651'264 bytes
First seen:2020-03-18 18:16:22 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d3a7cb9e3139e5b384b635ec57cf3895 (1 x Formbook)
ssdeep 12288:PaTv8UwTEgVb1EeosGhV/vt9aldXoZzCYrNYACZchLTkrVeyaPya:PmvHpgVhrRe/vGldYZGYrNYACShLTkad
Threatray 4'833 similar samples on MalwareBazaar
TLSH 35D49D62B16739EBEB05D3BA32949357C7D4543B3BB1A64B6E06074E4C3ECC67A23610
Reporter ov3rflow1
Tags:exe FormBook

Intelligence

File Origin
# of uploads :
1
# of downloads :
91
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Inject4.CNQV.19774.19196.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Noon
Create hunting rule
Status:
Malicious
First seen:
2018-05-16 17:59:00 UTC
File Type:
PE (Exe)
Extracted files:
4
AV detection:
25 of 28 (89.29%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
netwirerc
Create hunting rule
Similar samples:
2fcab21d4d5863ef934dd19e96379fb5e796b9ae4d77d1d6784bfc25887ffacb
Formbook
322427854deccec94e7331e8d3faa9f2701289b8e2faac322889c5b04d6b8f5e
Formbook
3259355435f9e6a9b041b93c2faa1ad8a3867de478a436606702593e4e130dd0
Formbook
52b517b0e9be1efed3349ff5b7e7e4a392881437d7bc9ccd7b94bbc23e28a2f9
Formbook
565eb959d96fa0af1735a761aa0b87de4bcb887e80d3802e9cf92efe7bd2b554
Formbook
87e9fa1e6f94daff35bb691d4f72fca88b0b807d2494377e63f473fd0c02eeba
Formbook
9b2c6f08cd9a4e3b144422de4d540290542ce50239f2c85697a036a461b25264
Formbook
a88caf11b01cea311aca13b6e757a8974d5033e1acb8749b9d1951ed0d93d44c
Formbook
bfa0531240e8ae03aee76df45f9e4c8748ad739a63f47c81269d7b2ca05fc329
Formbook
cfa40c1b8552fd4db408ba6cc0d622c3fed256ca4e684e4277291332c45975fb
Formbook
+ 4'823 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fe467798339147792366428612398f3cf4a6673900a87a8e3e924656ecbba699

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
  
URLhaus
https://urlhaus.abuse.ch/url/10794/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaSetSystemError
MSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaErrorOverflow

Comments