Extracted

• • Target

    SecuriteInfo.com.Win32.PWSX-gen.1463.exe

  • Size

    1.1MB

  • MD5

    0ce09a0d9e6f501f9b4839058a712ef6

  • SHA1

    de969216ac3b44862c490f0d8e74911fe36915e0

  • SHA256

    68ecb3a0784bbfd4ac9f3d1c76cfc09cff02b4298839e2e1b293e9ef8833b265

  • SHA512

    b63d3616ece35dbe634558a79d7d6cacc1b5d237288b440aa1f9e0e78c73f9cc1875e590dfed4269cb0b1ae41f982e388d9da0563a752371d33da83ff5745843

  • SSDEEP

    12288:2qDhBzE3BExvIGnv9friMBm2pIsVMspKeUlP4ysY/LC+kobWX6GeakXwM:lcREqGFfri63K1sY/LoqWX6F7f

  Score

  10^/10

  formbooks92nratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2