MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 56c48ad772316105766bebe5da6b16a4475c7de8bc6621dab5fa896912d0ae40. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: 56c48ad772316105766bebe5da6b16a4475c7de8bc6621dab5fa896912d0ae40
SHA3-384 hash: 5b793fc5b254d2d2b3fc47909364afaa160dc70f056bc785c33d370b92d1bd3e85e9f835c16249e7c148d4c521149afe
SHA1 hash: 49564e7830fd336eca890337e22b56ead4364e21
MD5 hash: e6c7af733879e0ab7e8b2afd1c712149
humanhash: uranus-bacon-pip-march
File name: ReadMe.exe
Signature: GuLoader
File size: 77'824 bytes
First seen: 2020-04-28 06:03:04 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: ad3731a08366edaa35b795c63a6a1eeb (1 x GuLoader)
ssdeep: 384:9NbW6MplVUr94197cJsPj/6dlIoXQZK7+QQAAeZxXEB/dQ6dxFT+PkWEq6tZK5JM:9NQUi7EhA615cZkL6D7W6RX+ZB6P
Threatray: 855 similar samples on MalwareBazaar
TLSH: B67319717B58E1B2D5788BB49F68DBB8394AAC213D058F4B70873B7E1E30E019E61563
Reporter: jarumlus
Tags: GuLoader

Intelligence


File Origin
# of uploads: 1
# of downloads: 90
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-04-28 01:33:16 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 25 of 31 (80.65%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews

ID | Capabilities | Evidence
VB_API | Legacy Visual Basic API used | MSVBVM60.DLL::__vbaObjSetAddref, MSVBVM60.DLL::EVENT_SINK_AddRef

Comments