MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 133531deb093f5e5684d02dd919901e8cb5369b81f9a36ef919451bf02555e55. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 133531deb093f5e5684d02dd919901e8cb5369b81f9a36ef919451bf02555e55
SHA3-384 hash: 4c592c7c73af3472e8bb8e3b208fb5e0b5bada2e182bca4bfb25931fb3bf5519e532a8ba0dd624bdbe2952438548a3a3
SHA1 hash: 1d818e96915521ffadc4ba0f171bc17198d1ac65
MD5 hash: 20f069fa273ee16d832573daa54059f7
humanhash: wyoming-bulldog-beryllium-quiet
File name:HSBC Payment Copy_Pdf____________________________________________.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:102'400 bytes
First seen:2020-04-09 14:01:59 UTC
Last seen:2020-04-09 15:13:31 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash c06bfbfcbd756610ebfd538d06c3ab65 (1 x GuLoader)
ssdeep 768:ot0d7C3YjE9MJMf9gfwMQ+BxAZqCUdICuMlj:rd7C3wswa3uDAZqzv
Threatray 323 similar samples on MalwareBazaar
TLSH F3A3D651BA40FD9AC01806729AB5C6FC8524BC344E85778738C53F2F39B58A6B982F97
Reporter cocaman
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
3
# of downloads :
97
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.DownLoader33.29609.29558.22636.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-09 13:00:48 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=cm2tdxvqsp26k2cnalozdgib5dfvg2nyd6ndn34rsri36asvlzkq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0a6caea4ce7bf55029e1f01895a6c653fb2c5166f76dafcf94956dd8915e4eab
GuLoader
10481c8ab9d363251e4d1aab4805df6d245621a5f10302fe5ed8cdd9f20bdc14
GuLoader
1cd2e3b696656354859e0ffdb5bca866fadf42f59c9e2da1c228e0b52fa5f368
GuLoader
443bc33e9d28fddd4229367cde23085b8d57549093ce8e991eb4753ce58c85fe
GuLoader
4c1fe4c0f5d8d1277036802c83df3e083b31318dfc2c194ce93b7169d7ba6e3d
GuLoader
67348aa265e2504aa1a048466a767b016b3369dc0203f48eae80342102af54eb
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
c3f8265bfcc61ef328a8f776318d74e588873047f51e0dc8e445c1f6d4334f30
GuLoader
dda25996ab5b78fa63ab71aa304360374fe2eb6ded670c778b2c69d9fa1f1e40
GuLoader
ef8f03a25087eeab581d8439a0a19ba7148270d2210d479c1d6867fac69dc813
GuLoader
+ 313 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

iso b9df2f1b0af14abe76816fd4bdbced790b358bfdf1147386e5c1ce5f1e83c6af

GuLoader

Executable exe 133531deb093f5e5684d02dd919901e8cb5369b81f9a36ef919451bf02555e55

(this sample)

AgentTesla

Executable exe 5841754eb3bf70c6eebd7e95b270cff96fb86d370f031b6430af922c99364722

  
Delivery method
Other
  
Dropped by
SHA256 b9df2f1b0af14abe76816fd4bdbced790b358bfdf1147386e5c1ce5f1e83c6af
  
Dropping
SHA256 5841754eb3bf70c6eebd7e95b270cff96fb86d370f031b6430af922c99364722
  
Dropping
MD5 2b76960d7bf16f617085b05b09193bbd

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef

Comments