MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3df464cdb09ec8aed7589b31541a291c9b921f49b2cc97aa34d363161366db8a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3df464cdb09ec8aed7589b31541a291c9b921f49b2cc97aa34d363161366db8a
SHA3-384 hash: bf050a5d17736e290e23e30813360c32535367605425fd629be1ad5355b2c48603b7e4c9e1079fafc8ccc58f18221a2d
SHA1 hash: 0689bdf5c591aa58fc8482047d65a25cee28d923
MD5 hash: 535d59bd65ee0669a1f8e115014f1aac
humanhash: cola-hot-burger-queen
File name:Payment Advice - Advice Ref[GLV124182676].exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:81'920 bytes
First seen:2020-03-20 15:34:12 UTC
Last seen:2020-03-20 17:57:48 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash d2f153d51de3167160cd61549699609c (1 x GuLoader)
ssdeep 768:/TZb88VjytQwFq+VoJ9T5vYOGs73GMR3M7kms0CxsNpS/am7cTS4Mb0X:/TBh6zsKoJxbjus0k2WamxNu
Threatray 760 similar samples on MalwareBazaar
TLSH D1836B03F750E826D8798F3EAC49D2E829577D656A52C64B36D47F0F28F10E1CF0AA19
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.VBGeneric-7639518-0
Create hunting rule

Win.Trojan.Vebzenpak-7639767-0
Create hunting rule

Win.Trojan.Vebzenpak-7640209-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-03-20 19:43:00 UTC
AV detection:
25 of 30 (83.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hx2gjtnqt3ek5v2ytmyvigrjdsnzeh2jwlgjpkru2nrrme3g3ofa._file
Verdict:
malicious
Label(s):
netwirerc
Create hunting rule
guloader
Create hunting rule
Similar samples:
032624661ba64ab1c3ca40a7a47b3635ee6b6a3442ca6bfb7a41a4a8de7b0fb5
GuLoader
27d318fe5d1d8f02c39b6b82690e4be83eeb3f357618cbabd7d808a23924b277
GuLoader
2bd30faef9e89799bc33f076afc8f3521bc84018c8e27829e8f475ee1c8dc13b
GuLoader
4fb3528f5fc1a30b03cf69920e1db68cd4943c1c303a09cac0723a10abfcc378
GuLoader
5cd5f57afb04ba3ce4e5aaee5a7fa7d10b24a334e30911a49a4cc4cb52982848
GuLoader
65bd5f3bc433f60bfc5ea392aaa33539592d657cbe2d316b25b24c9e12c225cc
GuLoader
844fb0d61ff2be56043914797b2e0123e111f616bbd743e3ecfee5c340651146
GuLoader
a07051295b50dfe762f42e922f6815e4554ae1b392da5810b88893cb91ac3b7e
GuLoader
c76654971c4af60511d3583a3bd00c673904569aa93973687e14e95b9e80de6f
GuLoader
ecbbdea89347df30a9575353b8886499a88d30f5606f60c922c62e4a56637c74
GuLoader
+ 750 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3df464cdb09ec8aed7589b31541a291c9b921f49b2cc97aa34d363161366db8a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments