MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4765d8704e79566062d7e9908cc8d01f12c2fd9b3cd2a73bffd197ac63ee8191. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: 4765d8704e79566062d7e9908cc8d01f12c2fd9b3cd2a73bffd197ac63ee8191
SHA3-384 hash: f393d7b56a6c07dd9ce5af76e5205b8cf76ff8837f24dbc7485fa62f9ffb245ba95bcceebea2d554bf82a35dddb233e5
SHA1 hash: 03bfb16af5f5aaf969ec0cd28fecbca03bcd7ef6
MD5 hash: 890d08b8ab35a7ff8a03eb7a0f87e561
humanhash: minnesota-five-shade-mexico
File name: New Purchase Order.exe
Signature: GuLoader
File size: 81'920 bytes
First seen: 2020-04-27 20:02:03 UTC
Last seen: 2020-04-27 20:41:10 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: c0bdd1442f42f0d1068c30247c01905a (1 x Floxif, 1 x GuLoader)
ssdeep: 768:D9U8doZbtdxDr8aEQsb/CUmsSKLlRruD+Mkwmik49xUL+:ZUNNZ8tCU5pykwMIx9
Threatray: 132 similar samples on MalwareBazaar
TLSH: 52834B13FEA8D6F6D8054EB64F62D2B4C197BC325950C90338C83B5F2D35A57AD603AA
Reporter: JoulK
Tags: exe GuLoader

Intelligence


File Origin
# of uploads: 2
# of downloads: 89
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vbkrypt
Status: Malicious
First seen: 2020-04-27 18:37:00 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 24 of 30 (80.00%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews

ID | Capabilities | Evidence
VB_API | Legacy Visual Basic API used | MSVBVM60.DLL::__vbaObjSetAddref, MSVBVM60.DLL::EVENT_SINK_AddRef, MSVBVM60.DLL::__vbaLateMemCallLd
