MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aa7b5def54c0b6de7931e50356aedec2dcea40167f6e0be83f257be9b35e262b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: aa7b5def54c0b6de7931e50356aedec2dcea40167f6e0be83f257be9b35e262b
SHA3-384 hash: 2d6a29da85a145e19bf357ebc35742bb063595ee432b809df2a8022d184ab4d516a7f1e3ada86888e6b5cecc396dd2fd
SHA1 hash: 7fc8a87b93129c98033b7606fad0cba8b015b458
MD5 hash: 574f6e31f7fb24dbe9ee38984bb1191e
humanhash: november-florida-montana-item
File name:CUSTOM REJECTION REPORT ON DAMAGED SHIPMENT.doc.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:212'992 bytes
First seen:2020-04-23 04:29:51 UTC
Last seen:2020-04-23 08:49:15 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 4585204448b950f910da0abf72a340e3 (1 x GuLoader)
ssdeep 1536:UpIH/4T1pLs+dAn0zgxOoO8Fb85yq/8NFBc+YBYv6bfzx8KmOPRtxyAHyN94OlGq:NfCBsHXtFAdENmm6bbmKmC1JXOl0Y
Threatray 163 similar samples on MalwareBazaar
TLSH 9824F7417DB4E463C7144A306EEAC7B9C2597DE0DAE5C94F2090371AAE33A8625B253F
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
3
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Bifrost-7686720-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-22 14:25:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=vj5v332uyc3n46jr4ubvnlw6yloouqawp5xax2b7ev56tm26eyvq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1d67c5b17b0115be9c9213910f41e052d520c7f86a5b9373f145f8c5f2ded8e4
GuLoader
7e60af333b52731e98a3c49c7e0ecca12d86c8277f4e6f8f118fd021beb5acbe
GuLoader
8f6c9e3fe48707ed0446a2c90af1d3f6b10aab25b7cb60e78dda89f25b689cd3
GuLoader
9f025ec45dfd058e5cc1fe779756e56ba932db59263e33c8918aa15bf2ecf1f8
GuLoader
a991f1aac4e086eaa96da23639f871b5629b4987a7a9203537a062075e8384e8
GuLoader
b70d7b1731c2e5af3847a1d54d746c376f676b3ca37bc8df31d0c1eba671ba79
GuLoader
bf995a7e9baf77fa301cd9af7adece6147bff5397246ade2643b9305395a5612
GuLoader
c1d7731ac02354dce14bf98a56a00f0b908fa2d8dcb3375bee86fa3aca8d79f7
GuLoader
e2136c8268bb5be4fe2a295a9bb9250c00437452cd3d65822290e3a68b1fb94b
GuLoader
f6cbd9ef6fbc0c2774a4bf2e43aa01804ee0294a453e8254f5a843a40051da31
GuLoader
+ 153 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments