MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 08859ac4f1ffc2f704daef2a26e05b4f36c93ac54f2288f0c00f15395819f36a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 08859ac4f1ffc2f704daef2a26e05b4f36c93ac54f2288f0c00f15395819f36a
SHA3-384 hash: ace6577380fff6fb9a29ab14dd7388340be4714d977fc69ef97156924189d186117edc400c4982ea56242b3ab52d97b8
SHA1 hash: 7d4e5275f6c48bc30003102d6b728ffb47271fa7
MD5 hash: 6a9ca52f71f20f56f42f538203fc2a68
humanhash: uranus-sixteen-beryllium-eight
File name:REQuote_45893216_33661100.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:98'304 bytes
First seen:2020-04-25 12:18:20 UTC
Last seen:2020-04-25 12:44:40 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f8c479824061194f7f47140b21d664e0 (1 x GuLoader)
ssdeep 768:hOXBITsjUgKyx8EaJvbTrz6v5Vc3A7v92Hog9BaWoYbDAn:hOXNjfKyx8LJvb2h2097n
Threatray 111 similar samples on MalwareBazaar
TLSH ECA309A175E49E66CF0485B25F6286E924DFBC711981DB0B31C3762CAE33780A57236F
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.VBGeneric-7689636-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-25 01:15:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=bcczvrhr77bpobg254vcnyc3j43msowfj4rir4gab4ktswaz6nva._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
08361399bcfd6c87b301f7dd61be86d5eedf3013608d3cd98c818435bd43a724
GuLoader
20b3c1c5495ed7389cb63dfe6f990c7acd72edd8a6e385cbe698702647d44649
GuLoader
290452bb8eb4dfcc3cfb1590c8fb1b44427a3c9f0439ad5855e35bc39537a3a3
GuLoader
3016eacec1bd033e76ea07a84a8eb04c9e069cd1700e9162e2479ba9bcfa2387
GuLoader
466f64cfb6b39e848c5e07746723bdb07f2ca19fd02fcf24fe0ce7e54893350b
GuLoader
5fb20cca77d85fedf3653f24c8109d985c946955ad50ffd18bff9e33d64bc5ef
GuLoader
7f74994cfed1a06818e7083a8d1f462065a21d23d742e59ff0a9a66a6bf93bf5
GuLoader
b0db92be4f4c812dc5afd007d59f5f2c0288497bd002ae40f96ca7e6b6cb7b83
GuLoader
bea57552e1978630f3038e4df06ea8fe0d34c9c1656c971f2bb01a894b0f67eb
GuLoader
ece7d3e5aacd8144e1a460a56c1fd06cebe0d325c640144295c70ec8d179f39d
GuLoader
+ 101 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaFileOpen

Comments