MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0af4f2da56ea21575a114dc8d848beeedbd79d4ad75f39f6f50e20fcac62cca1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0af4f2da56ea21575a114dc8d848beeedbd79d4ad75f39f6f50e20fcac62cca1
SHA3-384 hash: c009e62e3e394f2a4392cf37cbc8a97077582b05091bdcb5449d2d7a6f9615a27f146190ff566a2c23f3e25caba5b0ed
SHA1 hash: 9865ea92cf4a86099d42136b1113d2bdfae78a6b
MD5 hash: 609dddc081545a876a1959062a460c12
humanhash: burger-autumn-nineteen-mars
File name:PO#2002-007.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-04-02 04:42:34 UTC
Last seen:2020-04-02 06:08:11 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 4680f53c05c5855452698146b9eb02fe (1 x GuLoader)
ssdeep 1536:/kGUgLElUcsypB+aum5LEo3lg9p+QXkU5qaGTmdNQGqkYFnnOlFRO:JPEmcsCIaxi6ehM
Threatray 805 similar samples on MalwareBazaar
TLSH 2DB3D712BA50EE40C4044EB2AF3583FC9174FE32DE886A4B72C13F5E76B55B1A062B57
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Filerepmalware-7646386-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-02 05:35:51 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bl2pfwsw5iqvowqrjxenqsf653n5phkk25ptt5xvbyqpzldczsqq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
10481c8ab9d363251e4d1aab4805df6d245621a5f10302fe5ed8cdd9f20bdc14
GuLoader
12bae6b2d092fc8c776ea509d90b393df8e8f336214bb155f7e2d7f18beb4cb1
GuLoader
1cd2e3b696656354859e0ffdb5bca866fadf42f59c9e2da1c228e0b52fa5f368
GuLoader
30785da049b13f1cd228be54f6ce25d801f3fc4890dada9464830e078df7cf94
GuLoader
443bc33e9d28fddd4229367cde23085b8d57549093ce8e991eb4753ce58c85fe
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
d5daf1b01edc6e88121fa81c5374bf5b8d86ac67ba9d18d0babedcdb774e89e8
GuLoader
dda25996ab5b78fa63ab71aa304360374fe2eb6ded670c778b2c69d9fa1f1e40
GuLoader
e60807fbf4c0191dcca332ba7a7886bec872472e3d5dfc6cb9cba39b6c4f6322
GuLoader
ef8f03a25087eeab581d8439a0a19ba7148270d2210d479c1d6867fac69dc813
GuLoader
+ 795 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

GuLoader

Executable exe 0af4f2da56ea21575a114dc8d848beeedbd79d4ad75f39f6f50e20fcac62cca1

(this sample)

AgentTesla

Executable exe ca416554a0bbfe4b62c386e95499c317bb75cf45c63b485f12517e5ac7640afd

  
Dropping
SHA256 ca416554a0bbfe4b62c386e95499c317bb75cf45c63b485f12517e5ac7640afd
  
Dropping
MD5 e49e182680c90df1bd7e93760d2e54e1

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaLateMemCallLd

Comments