MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 473f6c38f3047708289a930f291a474052b160a9090bc6c2844f53b6226805ad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 473f6c38f3047708289a930f291a474052b160a9090bc6c2844f53b6226805ad
SHA3-384 hash: f19ab0b126d49eb9a07d9ca452300b214a375b7874d8bbdb4592265197fe76d3ab98e01b9c0802675a5cbecbd4d90dd5
SHA1 hash: b420fae6a6bde0ab60955e5644444b064def5982
MD5 hash: c78f51320a2ac8ed54e815130a52ffee
humanhash: one-bravo-connecticut-social
File name:YQUANZHOU CO. LTD.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:196'608 bytes
First seen:2020-04-22 08:47:30 UTC
Last seen:2020-04-22 09:53:17 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash d13bd3ac9b4fd4a8ca904994623b323b (1 x GuLoader)
ssdeep 1536:c08lPDIigrKd7bxWHrw1sjo/8SFDpsFYJW62h1KgVP+a9BV1V//+ZAcwaz:ZA3gmXA8EoES/98DMaD9//VLc
Threatray 723 similar samples on MalwareBazaar
TLSH 98140A81BD7898B2D11002302FDAC77AD2643DE1C9F5865F2400B72FEEB32A959B116F
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.Graftor.735633.11460.13033.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-04-21 21:02:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=i47wyohtar3qqke2smhssgshibjlcyfjbef4nquej5j3mitiawwq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
051101f45d03dac4583297cce0d708af562dedfa085b3d9dcfea40be2083e7ab
GuLoader
1cd0666b758f28d4d3a402dc10f1b185f5a1fbbe7f74cfceea475e72a5bbecb0
GuLoader
4cd26d79cdab1d9f934cdee769ab7f1803735a120d95afb470a2466a088c4d5c
GuLoader
712b5489228115a95c7718684ee0c1f80a352da3872fbfcbf74000c5306ba664
GuLoader
abb556afbfe3d5af87a2eea4a20e036896db78bfc4b30b7fa8cba8db866d364f
GuLoader
b65a42512465c82d804bdb56b5e1e633afa4571a20dc68d311ecad4a8fc3654d
GuLoader
c37ae1ed1bf166c96faa73db4544f415c2b81f0a42ccd5311e0aabc0b9e4f455
GuLoader
c410f181985c48a013609ed25c046f7e87782ee807e2b8bd0199788a461eec90
GuLoader
df34eee3a23ae66bb689bc1911e417cdaa7b51c353dc586bdb3280f86df09b55
GuLoader
f5b55fe9b33435e6a2053e16b843b5e89f3f4f3c8dfaf778386f2896b5ec4b7d
GuLoader
+ 713 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments