MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7f74994cfed1a06818e7083a8d1f462065a21d23d742e59ff0a9a66a6bf93bf5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7f74994cfed1a06818e7083a8d1f462065a21d23d742e59ff0a9a66a6bf93bf5
SHA3-384 hash: b6c0ab22638a291fd155c70d68e51228379cc27c21a5016f0181be774e6da33d7edccfccd6a3e5f6294ddc45d34b7282
SHA1 hash: 74aa558436447620d58e71d0c7dbf308e35d7440
MD5 hash: 0bd566486db6df421c7c16a15d4c6dd5
humanhash: echo-echo-black-sixteen
File name:DHL.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:98'304 bytes
First seen:2020-04-25 08:54:46 UTC
Last seen:2020-04-25 09:39:33 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 6288db0b9e193f2bebad3472ba163e8a (1 x GuLoader)
ssdeep 768:MMTSFhFZIk2Rd/knz+L1cqC+QMe+GFFbG/bcnWAxdFvI0Y2pTI2O5J:7Taik2Rd/uz+aqC+xGDVv17TIl
Threatray 112 similar samples on MalwareBazaar
TLSH DFA33AB671609CAECD258EF24A5147A410DFBD704D108A4B75CA3AAC5B36383D9327EF
Reporter cocaman
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
94
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.42531.15291.7459.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-25 09:35:31 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=p52jsth62gqgqghhba5i2h2gebs2ehjd25bolh7qvgtgu27zhp2q._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
08859ac4f1ffc2f704daef2a26e05b4f36c93ac54f2288f0c00f15395819f36a
GuLoader
109fc367b83959de6cdb2f18204be3bc6d0ab907d4da9051d5c0133cd3560133
GuLoader
290452bb8eb4dfcc3cfb1590c8fb1b44427a3c9f0439ad5855e35bc39537a3a3
GuLoader
3016eacec1bd033e76ea07a84a8eb04c9e069cd1700e9162e2479ba9bcfa2387
GuLoader
466f64cfb6b39e848c5e07746723bdb07f2ca19fd02fcf24fe0ce7e54893350b
GuLoader
59cc9dfa7669ecf60cad2d9a16bbbf0dea3a83edf6dad291f69ecc30e9979d43
GuLoader
5fb20cca77d85fedf3653f24c8109d985c946955ad50ffd18bff9e33d64bc5ef
GuLoader
c92ac75f97a123d9605d2b9b73d6123b729338d2a2e5d25fb75828a12d9a9bbe
GuLoader
eb91e6127348b8edf7c296470053b8808893645923a321257de92c40969bbcc2
GuLoader
ece7d3e5aacd8144e1a460a56c1fd06cebe0d325c640144295c70ec8d179f39d
GuLoader
+ 102 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 43adb2b66d7a4aa7bd9d0da3a8c4c106a5a52b79bba03e6f13fee1c5493975b3

GuLoader

Executable exe 7f74994cfed1a06818e7083a8d1f462065a21d23d742e59ff0a9a66a6bf93bf5

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 43adb2b66d7a4aa7bd9d0da3a8c4c106a5a52b79bba03e6f13fee1c5493975b3

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaFileOpen

Comments