MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2adb6be5546acb42c8717b93181d13b7b174f5b13529921c5a0f72d4bd356f4d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2adb6be5546acb42c8717b93181d13b7b174f5b13529921c5a0f72d4bd356f4d
SHA3-384 hash: 2525c9eb369cace05da80f814525824a37159b7216696cf3d50ead30f8eb0a95119e9df42b4ebe302ce9b96729ead72b
SHA1 hash: 2dbe40128db6c5d92a4f5ccba4551600778f41dd
MD5 hash: 79bb1335a2363a40643fc8208298bf66
humanhash: six-virginia-beer-happy
File name:win32(5).exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-04-28 06:00:04 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b635cd68bfbb2d4571a71688677d31f9 (1 x GuLoader)
ssdeep 768:yOuxywjp8eM+6UjrThxClgL1rr8Oip5YYaViQ67gdI14du2+:7wWq6grTh4JOifYYaViQ9dI14gD
Threatray 186 similar samples on MalwareBazaar
TLSH 0D733A32B59C9ABFD060DBB05B11C6F85567BE304E108E8375C13F8EAAFDF4199606A1
Reporter oppimaniac
Tags:GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
95
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.VBGeneric-7709439-0
Create hunting rule

Win.Dropper.Vebzenpak-7723867-0
Create hunting rule

Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
rans.troj.evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/350498
Behaviour
Behavior Graph:
n/a
Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-04-28 04:54:15 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1bbfe8a6da9f2617bb13d2b72d2d351fbcce3706012b0945b8ee4b2f72a0ff24
GuLoader
453dacb9349991ae41f06e03837a54f188f0c60869b2bd6c187a46629d4bbd55
GuLoader
4ba3953776f89e7754d6685f63425f9b94fd5abfc5c0bbd2781bfb4b4c3da838
GuLoader
56c48ad772316105766bebe5da6b16a4475c7de8bc6621dab5fa896912d0ae40
GuLoader
5b59dac589de1279260d3b8976a210779abbb56447ca52679608357e67bc637b
GuLoader
845e969b751df1e263bcf033a16c1f49ece421d2ae8133bd04714bc0df71b088
GuLoader
982918d155617975c06c471aab26a4049c102b69dac8c6d6a3e1022f111e71a7
GuLoader
e031beb4c230faf0d895f0d40e5063d56c41d11cf6208a531a35176cd76e3a41
GuLoader
ed33a55395aa0b7061266a9c61b87fdecfb3fd0605ac1ca342751f9deaf25930
GuLoader
f8e186c218a4ec518e457f4e23eb43ab3c6067592ac2f5c4170d2f2a793df375
GuLoader
+ 176 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 2adb6be5546acb42c8717b93181d13b7b174f5b13529921c5a0f72d4bd356f4d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/352836/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef

Comments