MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4b79517cb074bc6373746e02781c160ead8344de3370bc518d63abe7d6a8b579. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4b79517cb074bc6373746e02781c160ead8344de3370bc518d63abe7d6a8b579
SHA3-384 hash: 51f5c089a7a475ede712b279ea5e1d48ccafaa496b41d647aa6095441733069e1fa99b317b30d3eb5d9ef688f4dfdcc0
SHA1 hash: 41ef059f8501db234344d47f19328dc1803d54f2
MD5 hash: d4c11560b37e9ffe43ed7a0cf35f033c
humanhash: alpha-blossom-bravo-bacon
File name:order1.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:217'088 bytes
First seen:2020-04-24 08:52:28 UTC
Last seen:2020-04-24 09:43:49 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 467b843b3a7f52c9591a01633eacee05 (1 x Loki, 1 x GuLoader)
ssdeep 3072:ff9yKoCkXkNX+lIaxgAmMwPLgWHrHZyook:fA/0+3ub1o
Threatray 149 similar samples on MalwareBazaar
TLSH 3324F7416CB49427C32446316EE6E7BEC79C3DD0D8E68A0F2090771FAF3369665A642F
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.43038347.2145.6338.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-24 03:03:37 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jn4vc7fqos6gg43unybhqhawb2wygrg6gnylyumnmov6pvviwv4q._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1f93e9ec506b2df6670b01905f5c42e05d7c2b4dbf44e37d82ee8050528d961d
GuLoader
350b35550e10e3ed50b1337e8899ab2eb9c9cbae7c077027f52bab3c5266bb84
GuLoader
44cac425f9daa34c012650bb145870ee3df2d1f5a87da9d58d20539ad8f51f10
GuLoader
67aa5b86db90b286266d57324824825453a9db72b15414ee064dbf01085d00b4
GuLoader
77aa8e597d8c1b23af6c98a85e717edde17106fdb806ceadc6cedef510b9e7c8
GuLoader
7ab96517f6852c124c82edf441496b2f005b11a4d1feb92f9cbfa2a2bffd1acb
GuLoader
7e60af333b52731e98a3c49c7e0ecca12d86c8277f4e6f8f118fd021beb5acbe
GuLoader
f1e6db23f71358086c0a6d54602989535e6c25309d92af9f0db056d4a372fe8e
GuLoader
f6cbd9ef6fbc0c2774a4bf2e43aa01804ee0294a453e8254f5a843a40051da31
GuLoader
fa905ffdb00ec8867a003c49ebfa43f6ff96b890c40b3fe31b0fc40bb344ded0
GuLoader
+ 139 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments