MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 982918d155617975c06c471aab26a4049c102b69dac8c6d6a3e1022f111e71a7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 982918d155617975c06c471aab26a4049c102b69dac8c6d6a3e1022f111e71a7
SHA3-384 hash: 59dd6f5d0a971ec7be72c726d91146883e965357ef5c2f97e30acfb2a4825d291914a466184c91a269857567410b83d9
SHA1 hash: 549e3aca42d1e79566afc23735b2d15c5997a7ef
MD5 hash: 5af0c5614960d66e0e52ef0aad49a205
humanhash: equal-tennis-social-queen
File name:INV 3326GHF- from Outriger General Importers Korea for acknowledgment.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-04-28 19:58:22 UTC
Last seen:2020-04-28 21:24:32 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash d9da0788178c022dccf5cc3393acedeb (1 x GuLoader)
ssdeep 768:sTVXY3goO8xnonJZJZ90fIJSPf3OhxI4WNcLquWk:sTfoOlJZJZ90wU33G2fcLwk
Threatray 127 similar samples on MalwareBazaar
TLSH DD733952B54991B5D40907B60FE2DAFC42DA3C202C69CE03BB887BED4E34D156EA0B5F
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
91
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Vebzenpak-7723867-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-28 04:15:37 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=taurrukvmf4xlqdmi4nkwjveasobak3j3lemnvvd4ebc6ei6ogtq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1bbfe8a6da9f2617bb13d2b72d2d351fbcce3706012b0945b8ee4b2f72a0ff24
GuLoader
2adb6be5546acb42c8717b93181d13b7b174f5b13529921c5a0f72d4bd356f4d
GuLoader
453dacb9349991ae41f06e03837a54f188f0c60869b2bd6c187a46629d4bbd55
GuLoader
56c48ad772316105766bebe5da6b16a4475c7de8bc6621dab5fa896912d0ae40
GuLoader
5b59dac589de1279260d3b8976a210779abbb56447ca52679608357e67bc637b
GuLoader
5f4c8829df357db3002865e2afdceef666037b4b55add9b3f3f9bdf604887761
GuLoader
845e969b751df1e263bcf033a16c1f49ece421d2ae8133bd04714bc0df71b088
GuLoader
e031beb4c230faf0d895f0d40e5063d56c41d11cf6208a531a35176cd76e3a41
GuLoader
ed33a55395aa0b7061266a9c61b87fdecfb3fd0605ac1ca342751f9deaf25930
GuLoader
f8e186c218a4ec518e457f4e23eb43ab3c6067592ac2f5c4170d2f2a793df375
GuLoader
+ 117 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef

Comments