Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Formbook, Formbo | FormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware. |
|
|
AV Detection |
---|
Source: |
ReversingLabs: |
|||
Source: |
Virustotal: |
Perma Link |
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
Source: |
Joe Sandbox ML: |
Source: |
Static PE information: |
Source: |
Static PE information: |
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
Source: |
Code function: |
7_2_02F1BAC0 |
Source: |
Code function: |
0_2_04CC2E0B | |
Source: |
Code function: |
0_2_04CC2E10 | |
Source: |
Code function: |
0_2_071024A0 | |
Source: |
Code function: |
0_2_071024A0 | |
Source: |
Code function: |
0_2_07101C08 | |
Source: |
Code function: |
0_2_07102495 | |
Source: |
Code function: |
0_2_07102495 | |
Source: |
Code function: |
0_2_0710F128 | |
Source: |
Code function: |
0_2_07101FD0 | |
Source: |
Code function: |
0_2_07101FC5 | |
Source: |
Code function: |
0_2_07101D78 | |
Source: |
Code function: |
0_2_07101D78 | |
Source: |
Code function: |
0_2_07101D6C | |
Source: |
Code function: |
0_2_07101D6C | |
Source: |
Code function: |
0_2_07101BFD | |
Source: |
Code function: |
6_2_0869B583 | |
Source: |
Code function: |
6_2_0869E7D3 | |
Source: |
Code function: |
7_2_02F09290 | |
Source: |
Code function: |
7_2_02F11FFB | |
Source: |
Code function: |
7_2_02F0DD18 |
Networking |
---|
Source: |
Snort IDS: |
Source: |
IP Address: |
||
Source: |
IP Address: |
Source: |
UDP traffic detected without corresponding DNS query: |
||
Source: |
UDP traffic detected without corresponding DNS query: |
||
Source: |
UDP traffic detected without corresponding DNS query: |
||
Source: |
UDP traffic detected without corresponding DNS query: |
||
Source: |
UDP traffic detected without corresponding DNS query: |
||
Source: |
UDP traffic detected without corresponding DNS query: |
||
Source: |
UDP traffic detected without corresponding DNS query: |
||
Source: |
UDP traffic detected without corresponding DNS query: |
||
Source: |
UDP traffic detected without corresponding DNS query: |
||
Source: |
UDP traffic detected without corresponding DNS query: |
||
Source: |
UDP traffic detected without corresponding DNS query: |
||
Source: |
UDP traffic detected without corresponding DNS query: |
||
Source: |
UDP traffic detected without corresponding DNS query: |
||
Source: |
UDP traffic detected without corresponding DNS query: |
||
Source: |
UDP traffic detected without corresponding DNS query: |
Source: |
HTTP traffic detected: |
||
Source: |
HTTP traffic detected: |
||
Source: |
HTTP traffic detected: |
||
Source: |
HTTP traffic detected: |
||
Source: |
HTTP traffic detected: |
||
Source: |
HTTP traffic detected: |
||
Source: |
HTTP traffic detected: |
||
Source: |
HTTP traffic detected: |
||
Source: |
HTTP traffic detected: |
||
Source: |
HTTP traffic detected: |
||
Source: |
HTTP traffic detected: |
||
Source: |
HTTP traffic detected: |
Source: |
DNS traffic detected: |
Source: |
HTTP traffic detected: |
Source: |
HTTP traffic detected: |