MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a40a5e625d55583bfeb7d9ef900686a29dc3c6f580ca1615af7a2ad29f02761a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a40a5e625d55583bfeb7d9ef900686a29dc3c6f580ca1615af7a2ad29f02761a
SHA3-384 hash: baba5113693ed46277ed766277dcb03ea86b627a6452dc20408f5dd9060bd0c5f01b0c97fec2ee66dfc3d8ec4c22fdc2
SHA1 hash: 1b2e823b29841ba292c6762e382d0af3086721d8
MD5 hash: 21dcb20b06b2c661c43a65511917eb6f
humanhash: wolfram-sodium-ceiling-tennis
File name:Shipping Maersk AWB.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:81'920 bytes
First seen:2020-04-28 07:08:19 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 3b9d48f6d2f4d08a72318b75ceec2e7e (1 x GuLoader)
ssdeep 1536:4X//vJUbRWFw3ADkdFzkiyKrrpaotOvplBJetYh:4s3OsAD7BJe+h
Threatray 290 similar samples on MalwareBazaar
TLSH FF833B25FA84D073C1158AB16F6AEABC5023BC307D41890F7268BFBE1734A51F6A475B
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.VBGeneric-7724232-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-28 01:13:19 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=uqff4ys5kvmdx7vx3hxzabuguko4hrxvqdfbmfnppivnfhycoyna._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
163b0dbdbeb27d581695908c409f25a926613547da8cc08e844e2a93307bd9aa
GuLoader
6cfa6754f2c32d3856972eceda81e57c0a274c80419482b6fe3910966b67a114
GuLoader
8f09e2d15730d4a4e19876b7d4f284fe43494e761824081dee255c677630f8e6
GuLoader
aee6f41ba3393811f2980cec1714785039dd6cfcc629b81479fc376f635868c7
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
c882cc422e4039600b31e53e369f05b29dc9dd38cab76facef8a42adc8d326b3
GuLoader
cb108b44f7c1ce27111e05df5b00d405abd180fc46d280b78e9a137fd9858dbe
GuLoader
ddee93284ea3d58e46a5814cdac4b3314d542acad7ef9eef0ee29257639cfa07
GuLoader
ded1a64ebd165901f2a790ab8d7fd0aa3ae2f97738868d2d1add45e033efe738
GuLoader
e45490584a68e394f6714a78c96988adc241fd3acd783337bd66f26117535454
GuLoader
+ 280 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaFileOpen

Comments