MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 09476389f92f23216cbb99cf3dce7e07deee2fdc29d63b066aef91e9b1a78197. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: 09476389f92f23216cbb99cf3dce7e07deee2fdc29d63b066aef91e9b1a78197
SHA3-384 hash: 7fdadc073c8d859f46aef10cc05b91267c756a348716ccaccb891307eecd72f531f48a70b252e9351af8976d4fe9adeb
SHA1 hash: e2fe4df7718930237c910c94b532d84740e774ec
MD5 hash: bda298b68385f9ea5bce255c3e13f35b
humanhash: kentucky-asparagus-alabama-yellow
File name: TT GLOBAL-INV200300004 & SOA.exe
Signature: GuLoader
File size: 98'304 bytes
First seen: 2020-04-01 08:27:46 UTC
Last seen: 2020-04-01 12:19:53 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 26bbb3fc457cb781046551ce13c30570 (1 x GuLoader)
ssdeep: 768:PPufs9Pu2/P4ppseTDWM7aUYT1OGRsjvt8k0HzG/byYn:OUu2Ha+e/WM7aUSsWk0HzFM
Threatray: 1'688 similar samples on MalwareBazaar
TLSH: E8A3D411FA409E90E028AEB18B3587DC57697D356E49BA4734C83F8FBEB12507052F9B
Reporter: jarumlus
Tags: GuLoader

Intelligence


File Origin
# of uploads: 2
# of downloads: 88
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-04-01 15:54:00 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 26 of 31 (83.87%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Signature | File type | SHA256
GuLoader | Executable exe | 09476389f92f23216cbb99cf3dce7e07deee2fdc29d63b066aef91e9b1a78197 (this sample)

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews
ID | Capabilities | Evidence
VB_API | Legacy Visual Basic API used | MSVBVM60.DLL::__vbaObjSetAddref, MSVBVM60.DLL::EVENT_SINK_AddRef, MSVBVM60.DLL::__vbaErrorOverflow
