Extracted

• • Target

    textview66547.exe

  • Size

    1.3MB

  • MD5

    734282c3d93555760ee7347318299aa1

  • SHA1

    d17be364c71e18e647ad260f4d4f747996b7a753

  • SHA256

    38b573288a18231b62b0fe72ca5ea36f6d20303ce7658d82487523488399955b

  • SHA512

    e02b026077d13c57f4dfc6c74a06cd5f0d59213c37113e57b44915c97d20f767350feda8780d9138cde953430b88f9c20ec601cdeb3c4984483c9c4f446f9249

  • SSDEEP

    24576:iAOcZXp0bR4ZPmjscttv8MnhoUkjPV99npuezy71oporahyR6:ofR4MQcttv8MhoUkj9fZe6GRU

  Score

  10^/10

  formbookt01wdiscoveryratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook family

    formbook

  • Formbook payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2