Extracted

• • Target

    NEW PURCHASE ORDER_PDF.exe

  • Size

    694KB

  • MD5

    cd2b13a269e4c6a8838a2fc606569368

  • SHA1

    afcabd48a8d7ae1fa1087c352b4c4418a40096da

  • SHA256

    4fe14578d232d798a8aa4564ac8721be8d05b85ea32e7a85f97de0f34abcff7e

  • SHA512

    c41a582d09e07b2a8004622892ceaa378965f03163d1a6a26551ee7df19af055d0eb78b2b77dad484ca2d266a6ac7162b0c75852d056ebe27734d69e1fdba11b

  • SSDEEP

    6144:7Bn1pkNz07AFqV5/kcbVJloA/NpZbFjOKMvMi7su/zmXF874Ns:P5/bZJTpiKMkKsunES

  Score

  10^/10

  formbook54utratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2