MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8eaeb42b2536dc0cd96ce7b42cecdb5f7097341ee68c73f960e5a426a7f83f04. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: 8eaeb42b2536dc0cd96ce7b42cecdb5f7097341ee68c73f960e5a426a7f83f04
SHA3-384 hash: 9fbd3ea91286f7ba2a0070971e0857f67d419fa4b54c0e1dabee990fb1e4bb4e9a63779276edc3aa6a04693e9b374a57
SHA1 hash: 38cecd28433eae286843627194e6117842510fcb
MD5 hash: 361832060c89e7e84b2b0be6294401e2
humanhash: london-ohio-crazy-india
File name: USD44,780.55 Advice note for payment dbs 1020.exe
Signature: GuLoader
File size: 221'184 bytes
First seen: 2020-04-21 15:41:31 UTC
Last seen: 2020-04-21 19:19:54 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 6b2534ed0bb355bd72f1327a12b7a97d (1 x GuLoader)
ssdeep: 1536:sv0mhlrSiPHx+A685lAyINJiElJVXq0ko1wgylGtCjMbx3/rMvuRPze:sdhlrSkTB5ZQk4ttjkG/bBruUPC
Threatray: 260 similar samples on MalwareBazaar
TLSH: 212408866D749463C70886706EEBD7BAC30C7DD1E9E1CA4B20807B1EAF33696156253F
Reporter: jarumlus
Tags: GuLoader

Intelligence


File Origin
# of uploads: 3
# of downloads: 82
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Agensla
Status: Malicious
First seen: 2020-04-21 12:59:00 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 25 of 31 (80.65%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews
ID | Capabilities | Evidence
VB_API | Legacy Visual Basic API used | MSVBVM60.DLL::__vbaObjSetAddref, MSVBVM60.DLL::EVENT_SINK_AddRef
