MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7eb35bd5acf41463c83df3ba2a3b7bc251192a730c02b1c8bbf0bebf5bb923da. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	7eb35bd5acf41463c83df3ba2a3b7bc251192a730c02b1c8bbf0bebf5bb923da
SHA3-384 hash:	e2aba66e1b2dfbaec9c9349729f4a6f9710de5df80b553325c05d15728da8ad1087975a6fb58e53058f3b091ec0ccb4b
SHA1 hash:	1fa0bf3135c8e4fc8a7c95765d969fa0055c8e8a
MD5 hash:	b1db3dc37f9678f1216e74602ce5d6ce
humanhash:	juliet-berlin-iowa-fruit
File name:	Pb@1.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	77'824 bytes
First seen:	2020-04-28 04:48:14 UTC
Last seen:	2020-04-28 05:59:48 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	6c0f326916e94566146070d68a18edc6 (1 x GuLoader)
ssdeep	768:WNJVD2o/73YpU8a93yHSybjbTDQvIpiRy0OZI5SL2oSLlBrubw/PiYsoMde8QeLf:Yvd/jI7bYYIgjs7iYsoMdeJ2
Threatray	118 similar samples on MalwareBazaar
TLSH	C1733A32B191E072D057CAF21E95DFAD846EBE304E4C98273188771D5F7279299A838F
Reporter	JoulK
Tags:	exe GuLoader

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Mal.FareitVB-AC.32162.11049.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Injector

Status:

Malicious

First seen:

2020-04-28 05:36:01 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

26 of 31 (83.87%)

Threat level:

5/5

Verdict:

malicious

Label(s):

guloader

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

exe 7eb35bd5acf41463c83df3ba2a3b7bc251192a730c02b1c8bbf0bebf5bb923da

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/353044/

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
VB_API	Legacy Visual Basic API used	MSVBVM60.DLL::__vbaObjSetAddref MSVBVM60.DLL::EVENT_SINK_AddRef MSVBVM60.DLL::__vbaLateMemCallLd

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample