Formbook - Detection Rate
VirusTotal detection statistics across 177 analyzed samples.
Last updated: 2026-05-16
Detection rates show how many antivirus engines on VirusTotal identify Formbook samples as malicious. A high detection rate (30+ engines) means most AV vendors have signatures for the variant. Low or zero detection indicates recently packed or obfuscated samples that may bypass signature-based endpoint protection.
Why Detection Rate Matters
For SOC analysts and threat hunters, detection rate is a key indicator of variant freshness and evasion capability. When Formbook operators release a new build with updated packing or obfuscation, detection rates drop temporarily until AV vendors update their signatures. This window of low detection is when organizations are most vulnerable. Monitoring this page helps you understand how well your current defenses cover Formbook variants.
Recommended Actions
If you see undetected or low-detection samples, consider submitting them to your sandbox for behavioral analysis. Update your YARA rules to catch Formbook patterns that signature-based detection misses. For the latest sample hashes to cross-reference, visit the Formbook samples page. For network-level indicators, check the IOC page.
Detection Distribution
Per-Sample Detection
| SHA256 | Detection | Threat Name |
|---|---|---|
| 78ddb86c7e16686c... | 55/72 | trojan.formbook/noon |
| 2119f966c3d9382f... | 53/71 | trojan.msil/taskun |
| 20b24b43f6ff60c5... | 53/69 | trojan.msil/taskun |
| 851cfb84502c1e3d... | 53/71 | trojan.msil/darkcloud |
| cda6a5e6cfad4f58... | 52/71 | trojan.msil/bplogger |
| 7cbdc3ffa1f6afc4... | 52/70 | trojan.garf/strab |
| 2788fb910102febe... | 52/71 | trojan.formbook/mikey |
| bfe08186ed24f6d2... | 52/69 | trojan.formbook/babar |
| aad25d1908ba6198... | 52/70 | trojan.autoit/noon |
| 06b4ddac05fc7398... | 51/70 | trojan.msil/filerepmalware |
| 903ec037859ba0e1... | 51/70 | trojan.msil/fuery |
| 67ff11dca6102d11... | 51/69 | trojan.msil/taskun |
| 560eebed936f112b... | 51/70 | trojan.msil/noon |
| 83b22649ee530fda... | 51/71 | trojan.autoit/noon |
| cb48a1b95924a62d... | 50/71 | trojan.msil/powershell |
| 0035d9424bdee5b5... | 50/72 | trojan.msil/jalapeno |
| 422417f778a34bff... | 50/64 | trojan.formbook/noon |
| 3680ce1ea0b26bed... | 49/72 | trojan.msil/formbook |
| 2af9816b540cfa33... | 49/65 | trojan.msil/cryp |
| f97e2ce9f20d7211... | 49/71 | trojan.autoit/noon |
| f37e88ccac15a8cb... | 48/72 | trojan.msil/phantomstealer |
| 82024b293b8ce6ac... | 48/70 | trojan.msil/powershell |
| 68f76d6afc51ec80... | 48/71 | trojan.msil/noon |
| 274137298b71f344... | 47/70 | trojan.msil/formbook |
| a4ca575207a3457b... | 47/72 | trojan.msil/basic |
| 05af48bc123af763... | 47/66 | trojan.msil/darkcloud |
| cae269e0773f6380... | 47/67 | trojan.msil/formbook |
| b28e7ee3053e8944... | 46/64 | trojan.msil/agenttesla |
| 6e86685cb2897146... | 45/71 | trojan.msil/jalapeno |
| eb663f16fb1e5112... | 45/69 | trojan.aotera/tl0101e126zw |
| b9277014b5a639d3... | 44/68 | trojan.giant/lazy |
| 70b469b8018947ea... | 41/71 | trojan.loki/msil |
| 949eb105fbe7d0c4... | 40/70 | trojan.babar/formbook |
| 8d813d5d24a74b6c... | 40/68 | trojan.msil/formbook |
| fde78edfa6163f53... | 40/69 | trojan.msil/formbook |
| bab2072b9bca8b95... | 40/72 | trojan.autoit/formbook |
| 042f6d8fff507d22... | 40/69 | trojan.msil/injectornett |
| af3f5610187dd9fa... | 39/70 | trojan.msil/remcos |
| ead0a612c58e858c... | 39/68 | trojan.msil/cryp |
| bfe726695213b853... | 38/72 | trojan.msil/genericml |
| 76cc2e6844b7360c... | 36/71 | trojan.msil/cryp |
| 45fc07f4eca49188... | 36/71 | trojan.msil/lazy |
| 1476b66b2534df2e... | 35/71 | trojan.msil/exnet |
| eb11e9e446bb1438... | 35/71 | trojan.lazy/msil |
| a8e8d4768f4c1a93... | 34/71 | trojan.msil/powershell |
| 41afa43a3aea61c4... | 32/72 | trojan.msil/formbook |
| 5e80f5937939b808... | 32/66 | trojan.msil/formbook |
| 397dc318a3dacac1... | 31/63 | trojan.aotera/tl0101dt26zz |
| 0ee024b38ef1d942... | 31/70 | trojan.msil/negasteal |
| 03e93562a693f28a... | 30/62 | trojan.drop |