MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4aeeacd6a9c14a9c0de9c89d4264cd72973b416a0704b44977d9ea399bbfb181. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4aeeacd6a9c14a9c0de9c89d4264cd72973b416a0704b44977d9ea399bbfb181
SHA3-384 hash: d4834fb5dbc8b4146b6cebdab8ec733175da34dacd3fc9478fb903df1f010a49d9942e88de2564b23b71795c2f8b8361
SHA1 hash: ac9b5ba5043bd3c22a1e95e71dc45752aee50c42
MD5 hash: cbf7083d6111ae65c58a5010198722aa
humanhash: hydrogen-cola-lima-jersey
File name:P.O.NO.136480.COM
Download: download sample
Signature GuLoader
Create hunting rule
File size:212'992 bytes
First seen:2020-04-22 07:25:36 UTC
Last seen:2020-04-22 08:21:19 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 47b0d0e00a4fea4f03f84228a754750f (1 x GuLoader)
ssdeep 3072:ZGZvYofqS7MM1qg2PNcTED5UmSdD0sjo:ZkvYFS7FaWNdo
Threatray 429 similar samples on MalwareBazaar
TLSH 5A24E641AE74D863C72442312FEAC77DC2583EE1DAE5C91F2090371AAE336A6157167F
Reporter cocaman
Tags:com GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.LyWgkx-2
Create hunting rule

SecuriteInfo.com.Trojan.Agent.EPPI.63.15521.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-04-22 07:35:35 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jlxkzvvjyffjydpjzcouezgnokltwqlka4clislx3hvdtg57wgaq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
035cca1ee500852ef7fda67e60c373ed2a57756c5fefa60ba7a05aae5b9021ab
GuLoader
1d67c5b17b0115be9c9213910f41e052d520c7f86a5b9373f145f8c5f2ded8e4
GuLoader
5ff77cfc952a63f6c75709db72ca3ddd2b362bf416bb454957f3b8bfdbaafd50
GuLoader
a95959a3c03e397cf83bd5c76f1e96c55742d6a478e0807d3251e1e015c9ee0a
GuLoader
abb556afbfe3d5af87a2eea4a20e036896db78bfc4b30b7fa8cba8db866d364f
GuLoader
ad64a6eaa5d2494a4161158792e7cde3fb7d9a7bd36f06cc0de271192582f439
GuLoader
be45d144f539c0ef3ce8329cebcc9e26167f293bec1a9e82f5e7294a6fc17c5f
GuLoader
c81f953d604937a8fe980dd6c9076dfeba7678027034120859d03237bf3a19d7
GuLoader
dea51f7f074a8d9b0e30626e11ca4a79de602da24ba64d0222ee1162a5fbb5ba
GuLoader
f1e6db23f71358086c0a6d54602989535e6c25309d92af9f0db056d4a372fe8e
GuLoader
+ 419 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

iso 8ecbfb2189964ea8d02c82b807fb52f888dd04e03e37a66dee1919409cdc4df4

GuLoader

Executable exe 4aeeacd6a9c14a9c0de9c89d4264cd72973b416a0704b44977d9ea399bbfb181

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 8ecbfb2189964ea8d02c82b807fb52f888dd04e03e37a66dee1919409cdc4df4

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments