MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 005937660636d5c4dbcad5ca1e0c983540b3fece41d25cd401e44bb8f6bcc986. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 2

Intelligence 2 IOCs YARA File information Comments

SHA256 hash:	005937660636d5c4dbcad5ca1e0c983540b3fece41d25cd401e44bb8f6bcc986
SHA3-384 hash:	1e38a2bce82df6539d5bddf37b65e1c14306f7ab79d15f629553d49f552d399726b2eecc533f67a687517706c6e8ef70
SHA1 hash:	d9f2e0c8da54c4963728892446a60caceaf73193
MD5 hash:	f3565a6fbcdd048bd1fc997dc9570580
humanhash:	cold-pluto-table-beer
File name:	Document PO645453 ITEMS & PO463.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	98'304 bytes
First seen:	2020-04-07 14:16:01 UTC
Last seen:	2020-04-07 14:48:21 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	a40f264b2aaa50cd488addc819841d60 (1 x GuLoader)
ssdeep	768:i+VMgfYfKfj5YRmJZoWFf1IIRVznZjA+j03wcml3nfOGr:HVMgfYfctYRsFfPdx0AcmF/
TLSH	5DA3E802B990FED1F8005FB25A77AFAC46E6BC7499046A47B5C13FBE3E701413911B6A
Reporter	jarumlus
Tags:	FormBook GuLoader

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Mal.FareitVB-W.6280.17710.UNOFFICIAL

Win.Downloader.Minix-7705442-0

Gathering data

Threat name:

Win32.Trojan.Remcos

Status:

Malicious

First seen:

2020-04-07 14:30:01 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

25 of 30 (83.33%)

Threat level:

5/5

Verdict:

unknown

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

GuLoader

exe 005937660636d5c4dbcad5ca1e0c983540b3fece41d25cd401e44bb8f6bcc986

(this sample)

FormBook

exe 9fba6ffeb90dd242748718d8272a4942496e76a4f68bdb4dd42f93b044b5ed50

Dropping

SHA256 9fba6ffeb90dd242748718d8272a4942496e76a4f68bdb4dd42f93b044b5ed50

Dropping

MD5 973b8809995a463304e9b71ec525bace

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
VB_API	Legacy Visual Basic API used	MSVBVM60.DLL::EVENT_SINK_AddRef

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample