MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 47e0a9592dbd0f2aaf56ec183cf5936a24848ed72de02dc30848d033a28d00b4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: 47e0a9592dbd0f2aaf56ec183cf5936a24848ed72de02dc30848d033a28d00b4
SHA3-384 hash: 4ec2aef3007ca2b24f8c6c191f328696c01c073fe688eb5ee517ed26f2b4b2c5c0258523007a318133e4bc3cfe36d142
SHA1 hash: 2937a0a3cddd1df97af456cbf0e0cdf9ee177fdf
MD5 hash: d981b2ae8d9daefed0f73cdffa33c0ab
humanhash: twelve-eleven-ten-east
File name: 14330bbb2fc8669d133f73e2b69b8f67.exe
Signature: GuLoader
File size: 102'400 bytes
First seen: 2020-04-03 07:55:09 UTC
Last seen: 2020-04-03 08:36:31 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 6e675e67691321cba7c8ade825614957 (1 x GuLoader)
ssdeep: 768:E/s8lr3ncRvOxEmEuCddZ6J1bWS2MH1v2wbsGlpYs60vWOqYZoTHN+k8bh:Es8xncRvOxiug48W1+UdlKbBY0HgJ
Threatray: 1'210 similar samples on MalwareBazaar
TLSH: EFA31829B700DE90C4150EF1DE65CBEC82257E349E456A0776CA3F9F3EF02919192B6B
Reporter: abuse_ch
Tags: exe GuLoader


abuse_ch
Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=1TMMFigiLe35Sfgf0qnqI1P12UQdOrzez

Intelligence


File Origin
# of uploads: 2
# of downloads: 90
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-04-03 08:35:20 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 23 of 30 (76.67%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

34fbc56b81fda9c0d574f01f8cd08b07cb175122db4dfca0fd036dbe3a0b54fb

GuLoader

Executable exe 47e0a9592dbd0f2aaf56ec183cf5936a24848ed72de02dc30848d033a28d00b4

(this sample)

  
Dropped by: MD5 14330bbb2fc8669d133f73e2b69b8f67
Dropped by: MD5 7cb1ae9b59a6d43c10c0238f46504329
Dropped by: GuLoader
Dropped by: SHA256 34fbc56b81fda9c0d574f01f8cd08b07cb175122db4dfca0fd036dbe3a0b54fb
Dropped by: SHA256 f6f19dd6a9e2f1167ed3a0a0490f5a765664ec2118dae6b170b87acea3109f08

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews
ID | Capabilities | Evidence
VB_API | Legacy Visual Basic API used | MSVBVM60.DLL::__vbaObjSetAddref, MSVBVM60.DLL::EVENT_SINK_AddRef
