Extracted

• • Target

    SecuriteInfo.com.Win32.BootkitX-gen.24031.exe

  • Size

    972KB

  • MD5

    3e336e588f8433c914b415a282d14b0b

  • SHA1

    a5b36cf34d9ab4aca8b07a723848dd1dfcc755a4

  • SHA256

    a88e5d5fb17e50a25cf6dfe2512fc45cc3f712dccccee2d08ee7d1dac7086e5e

  • SHA512

    542aed70db8435e595b4552cf8c8abb97bfc02ce0702c28a6758a5dd184cd6418bd86f70b4055be2392b6dce12e2629d98a380d24dfcf2e9978b7bd70ae71e0f

  • SSDEEP

    24576:1HneAr5UNl6hdN/qq0Ztypw9bN+Oz2jrl:1HTiPkJPTOz2t

  Score

  10^/10

  formbookba17ratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2