MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 87118544ccf437b351bc119d8e33b9f74fc718c7b4c524ad37d8153bc1f043ee. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 87118544ccf437b351bc119d8e33b9f74fc718c7b4c524ad37d8153bc1f043ee
SHA3-384 hash: 2f87ac3a3f0a703665123e7329475fe29761c9467d98909768c808261402c1f5186d249f0f7ef058316748c297544f39
SHA1 hash: 4c2924e232954590807efa8aa28134076873da89
MD5 hash: ce6bdb1a760648cde562a079eb15e029
humanhash: venus-montana-pip-high
File name:CUSTOM REJECTION REPORT ON DAMAGED SHIPMENT.doc.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:217'088 bytes
First seen:2020-04-24 04:15:31 UTC
Last seen:2020-04-24 09:11:59 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash ebaf9667fd5315fc5e22bf63a86de213 (1 x GuLoader)
ssdeep 1536:ir0lJxp23soIhLxLWk87DU5xqM83moPvzyJvuPvl4DbCko0Fdr2yj:Q0fS0ar7Y8D3dYvueDZvr/
Threatray 245 similar samples on MalwareBazaar
TLSH AB24E545AD749827C71486302EEADBBEC2483DD0E9D5CA4F2090B76BEF33786156252F
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
4
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.KillProc2.10065.10411.32755.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-23 14:44:04 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 30 (80.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=q4iykrgm6q33gun4cgoy4m5z65h4ogghwtcsjljx3aktxqpqipxa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1f93e9ec506b2df6670b01905f5c42e05d7c2b4dbf44e37d82ee8050528d961d
GuLoader
3e9112b343c87d170c86000f87788f3a19422e24ca9bb3681d9ea83fe513e5f5
GuLoader
44cac425f9daa34c012650bb145870ee3df2d1f5a87da9d58d20539ad8f51f10
GuLoader
45210d41713353f0aa2104a2c112d0721d0f6373bbec7a82466f65b2ed9e3d85
GuLoader
4adf106d80dd2be5d8ea333dcc3a1d06770e4d913b25d05616247f9c66f99484
GuLoader
5b9ba311bf0eebf151a0146d7e43c40e2b98929a07dcffc6f286e21558487a4e
GuLoader
5c8de7c3ff4d9ad542fe30c13e84cfe205122faefb6427cf7323298eb47ab0d3
GuLoader
7ab96517f6852c124c82edf441496b2f005b11a4d1feb92f9cbfa2a2bffd1acb
GuLoader
bf995a7e9baf77fa301cd9af7adece6147bff5397246ade2643b9305395a5612
GuLoader
dea51f7f074a8d9b0e30626e11ca4a79de602da24ba64d0222ee1162a5fbb5ba
GuLoader
+ 235 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef

Comments