MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2d3877e6e33b4a3763ccdb6a68f4998d48d048c8b36a5fd9c2054ac2377e43dc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2d3877e6e33b4a3763ccdb6a68f4998d48d048c8b36a5fd9c2054ac2377e43dc
SHA3-384 hash: 2123e41e088ac561bf28e5ee442f6570d77bbaf384590352d0b5f085f20c6add15cb3d2384a9a0cc9a10a2004c15231d
SHA1 hash: 4f6ec0bf48d1abbb9f6157993759cca349ed2273
MD5 hash: 28e8d4127b8a839745b399f923f72242
humanhash: carolina-music-five-network
File name:PO#16716016-A001.bat.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:1'638'688 bytes
First seen:2020-04-30 07:34:06 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 91be43632b8c5fed2af01816593a0e5f (1 x GuLoader)
ssdeep 24576:bXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXY:LuB/jKZFk/GM+CsmqtqFWM4mNl
Threatray 391 similar samples on MalwareBazaar
TLSH 0175D047E2581179C05445327A7D0B9257F22BD0FB3BC2671BF832EC1A35AA97822F5E
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments