MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0b2c23184d7575924ccd5208513a561aa8a98461b6d558aa9bd12c7d488ce430. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0b2c23184d7575924ccd5208513a561aa8a98461b6d558aa9bd12c7d488ce430
SHA3-384 hash: c462cff6d9b57a9c2cae7d2b426e26cb43503c1c2571a32606149913ea8fd8b769d59284dc634601ccfbb027b19a3e7c
SHA1 hash: bd30783e485d9ced594199166abfcd93a65ab7c2
MD5 hash: 480b98efc98f38e5a51893372ede585e
humanhash: seventeen-yankee-lake-asparagus
File name:QUOTE 2020.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-05-01 17:59:43 UTC
Last seen:2020-05-02 06:55:45 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 1303973c13a34fafb50ae251377afa08 (1 x GuLoader)
ssdeep 768:jaOk5WbUCZaoHnHApNI6jlEiRau4PoN2tBUYlCKVpwCGYm6yxvP4e6vR:rksY5oHHAE0jaEKgCGYm6y5s
Threatray 129 similar samples on MalwareBazaar
TLSH 6893E855BED8F2B3D1A88AF6265AC5A008D56D3E39632F0777CC762F9739AC1D500223
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
4
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.ProtectSharewar-2
Create hunting rule

PUA.Win.Packer.ProtectSharewar-3
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-01 10:09:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=bmwcggcnov2zetgnkiefcoswdkuktbdbw3kvrku32ewh2sem4qya._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1b4e008beb2b395e53648c9a246ecafcb3df0543c5236a40cdb976a2007bbf97
GuLoader
3827270781e1757ffa4f6c953bba112cdd1afd673e26f639023bcaeb1cae94a0
GuLoader
631a30f2f8d182709534c3ab4aa1d531df4147997258ab7c7f819ae51f3e5e2d
GuLoader
6b03cfee0a25254f46bb2c3138ece41f2c0255a70141e3f457389e07120a153c
GuLoader
9b77dffb83a26f126a334f4dd9de9c8a21802a1b05de3067584ebfa25826f9fa
GuLoader
aada59d2334345770be8c2392e761b1f8361844ccd64852a0aac3b79ba7d88bf
GuLoader
b9e80d2e7af4a98e04149a178f065f16e08f1c8807d01a0c8e6fe694bc8bf53d
GuLoader
bc7839a9de72c7c7640d259622d1e1b0ed7ebb326a9db7fe45a6ac5abd380aeb
GuLoader
bcc7af2de70a30482b2b1b282579faf215fed0f5f9e9f9c060f81d720845df3c
GuLoader
e20afb0d09a4e47be30404425e599d42071b310c01f0d9674567a4f3e284b62c
GuLoader
+ 119 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaLateMemCallLd

Comments