MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3e9112b343c87d170c86000f87788f3a19422e24ca9bb3681d9ea83fe513e5f5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3e9112b343c87d170c86000f87788f3a19422e24ca9bb3681d9ea83fe513e5f5
SHA3-384 hash: c24791728262d8e6d0576cefe5c07024f7d6a99b3de182e2775e6ae92ca1008bfa5509b702b2de85d540e34f635f4f81
SHA1 hash: 7a38d70981757cdef8cf4f4b25f2b14194dcb4c5
MD5 hash: 0a66f810bdce2a714bf5da9c36cbafed
humanhash: violet-south-tennessee-west
File name:DOC (19).exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:221'184 bytes
First seen:2020-04-21 15:32:56 UTC
Last seen:2020-04-22 07:40:13 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 8dbcbdeec6ea197d08a33d2e1b28b9a0 (1 x GuLoader)
ssdeep 1536:hMwbEudi810zxEJw87lzC7ryr8RI/WAQsbpNkUxDAX9m30jMbx3nlrYE4id/I:DbEufckf7iGYR3Wp69cbxBh4id/I
Threatray 175 similar samples on MalwareBazaar
TLSH 2424E841AEB8A427C71886305EE6D7BDC24C7ED0E9E1C90F1090775BAF3378615A662F
Reporter jarumlus
Tags:AgentTesla GuLoader

Intelligence

File Origin
# of uploads :
8
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Agensla-7687283-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-04-21 12:49:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=h2irfm2dzb6rodegaahyo6ephimuelrezkn3g2a5t2ud7zit4x2q._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
11da12022c4b4fdd9947dce6ccf0cde30cc34a1816f4a4791ce0f298133749ef
GuLoader
4675be33b1b3f4b1a348a86088a709b907841e6a6daaa37793c0ed994d40f5ae
GuLoader
74cfeab3123defd40a4efa419fcc77b17178c27b3b70b97972939f7a8d899957
GuLoader
7c808fef514fbb79de397a7c84bd1a2763b3b476c821d7c6f7d05b64501c900f
GuLoader
7eb35bd5acf41463c83df3ba2a3b7bc251192a730c02b1c8bbf0bebf5bb923da
GuLoader
8630725356bc4afad2815f39d01238d6e10477e04d19b5fcedcafc93c7519683
GuLoader
8fc12c74c5af599fd99d302b2429d8c8a5d3a5d243d7941758fda223ee3cb7eb
GuLoader
a7cfec855ead8a33902aab33c3c217fbc6fe9fb372c4c8d0c1aec4b493736bf5
GuLoader
ba7bdbafafbe370874a0a1a53e71176f76944663d6a113d5f7a673301c2c22d8
GuLoader
d19cf303057d3c356982205081cf799fb3c1bd5b2e5fa4d471540dcc792d96f6
GuLoader
+ 165 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef

Comments