MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ffe7e9077f89d196d10951c789e7c466ae0949c2bdb14c0b0d0e3755aee7029d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FormBook

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	ffe7e9077f89d196d10951c789e7c466ae0949c2bdb14c0b0d0e3755aee7029d
SHA3-384 hash:	2a43c16fab73acbc598270169b4810d289850de9ae4146c1a1fd8479f0370c7776523830b8b41036624fc52d471e08be
SHA1 hash:	6e5ad9723665ee3c75f344469e002233325e07c9
MD5 hash:	dbcbf980472ccf68a80ddde66828819c
humanhash:	five-mango-island-quiet
File name:	invoice.exe
Download:	download sample
Signature	FormBook Create hunting rule
File size:	585'728 bytes
First seen:	2020-04-30 07:32:58 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	260015fdd85bba1d7173aede5e586032 (1 x FormBook)
ssdeep	6144:rC5FCYtI2lwG9TXqJyjVYDvUHZXo6wghUDwNR6U316kh3tK3LmhF0EupCRAZcTiD:rsdGG1Ay+qlPj316kzey/OkR218+l
Threatray	5'066 similar samples on MalwareBazaar
TLSH	96C4F129EDA5E332EA50C5F02E02557340489F3CE41A91CAE154F7AC3B748FBE99A357
Reporter	jarumlus
Tags:	FormBook

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Dropper.Ursu-7329997-0

Win.Packed.Midie-7339230-0

Gathering data

Threat name:

Win32.Trojan.Injector

Status:

Malicious

First seen:

2019-10-11 04:36:00 UTC

AV detection:

28 of 31 (90.32%)

Threat level:

5/5

Verdict:

malicious

FormBook

0a48a4027eb05b188d2cdb83f220a3160c9b5c9006df53306bbf5e4ad9ec55c2

FormBook

0cbc16717ef6c0d7e1d8ac2abba091925aec1b77db20cbff97407fcd5288736b

FormBook

17ccd5b98d29f09cde5b49fee52602ac5e95c462c68f09c5f07d12d8a8cd8e0f

FormBook

2302aa79bb34eb683a91324995a9fb366bbbe55dffb53deee00b842e75ad19c0

FormBook

3f86f49f3c2e3583c70385971bdba545c85d8f2d66f8923bf446dde88be3afc0

FormBook

4e0e1ee117544cc9cb6784d36db3d349624ef1c888267b1e266a03ddb17d33a1

FormBook

5f657de9b0eaeb9eabf6d18a202f7b8c7daafd71d03387366069fe9ebd5f282a

FormBook

887de911a26e0008429adcba8abc212d36423fae62d40aa1df57e2883db77d45

FormBook

97d8ae62cb751e857b04d9eaa68ee2acce3d7243009bdb04639a729cdfc7cbf3

FormBook

+ 5'056 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
VB_API	Legacy Visual Basic API used	MSVBVM60.DLL::__vbaObjSetAddref MSVBVM60.DLL::EVENT_SINK_AddRef

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample