Extracted

• • Target

    func.exe

  • Size

    574KB

  • MD5

    b7966509ffcab300d06f0aeb1d1d8533

  • SHA1

    2d2f85b7af551e1364b8b6f1a8fa6db1c1a88d5e

  • SHA256

    3d0947f988743a495c85b5041d7fe4b8753b7539a4d87e068eeeaddabbf16d1f

  • SHA512

    e184a59e66dcdeef5c155a8bf791f2b87daed7758e5429044d9417d6f2bc728f5018be017d7f9eb3c17f3d417dd2a6b5a67f01aa72f189a6e41ebd41da14f060

  Score

  10^/10

  formbookevasionratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook Payload

    rat

  • Looks for VirtualBox Guest Additions in registry

    evasion

  • Looks for VMWare Tools registry key

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Deletes itself

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2