MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0fc76f1453db81e8fa50b7e685827e0f5126c25c91de2a25552af3273bb407e9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0fc76f1453db81e8fa50b7e685827e0f5126c25c91de2a25552af3273bb407e9
SHA3-384 hash: 5ff38170d6c672b4e51b113c708768e4f1b535905b8ca981eb4663b908010963dae3a0feabbfce2f743620be8429eb88
SHA1 hash: f9e706368c4600b24cd94a2b3989c8ed451f063b
MD5 hash: 86c53735b282878d0e59fcfbbb39c199
humanhash: gee-mississippi-oven-skylark
File name:Inquiry for Quotes.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:102'400 bytes
First seen:2020-04-06 05:30:29 UTC
Last seen:2020-04-06 06:38:56 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 102c9ad7edd569fcc945faca8d94e348 (1 x GuLoader)
ssdeep 768:2QS4MorM48fz/azysvqYyhJ0kJuDGi80Qd4ns4FOTe:g47M4ua/ryh3Juqn0w4nsEb
Threatray 712 similar samples on MalwareBazaar
TLSH 81A3D626BE60FD61C0008AB09D7ADBEC4525BD30DE816A037ED07FAE3D75181B966B17
Reporter JoulK
Tags:GuLoader Loki

Intelligence

File Origin
# of uploads :
2
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.LokiBot-7668106-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Guloader
Create hunting rule
Status:
Malicious
First seen:
2020-04-04 11:53:08 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=b7dw6fct3oa6r6sqw7tilat6b5isnqs4shpcujkvflzsoo5ua7uq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
13c555d2bc29bc384b7c496c0aefadfbe38d7b415e11c43bdbcfdf702062d1f3
GuLoader
50a4a0067a0756996b12da1316f2574a16316d050b675114c8ae60c35e99cf5b
GuLoader
70d577aba943b783ec606abcfa912bf97c9fd4f22d5e46ff1d718d350a8e4fcc
GuLoader
9bebd6b8400a02ec36958c8cf06d3abc659b462d482fca3df8a3a64e42b3e234
GuLoader
a6cc856405546af76f769ae3148e782571675af436ae9701c17d081266d6c835
GuLoader
b289e7a3e27dfee54ea6a2610a3cc690b96d7dafec31756401349935e3d83202
GuLoader
dcf5521ac420d05a5ad5590673c275b37a4720496c08fa225fa695141a809867
GuLoader
ddf6f04276c1d976e62e199e6c928fb7a3d7aaec455a1859f8d8f605c89ffc64
GuLoader
ea816a801d2882a3da04ae2b9ac3e20e0959a95d18dfb17c55bb786b3ba2c743
GuLoader
f1ba59863abc7d03f67577aa4b75ab121608c76433981f394651f2b327914e9c
GuLoader
+ 702 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaErrorOverflow

Comments