MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 abc26a4dae06f9fa3a58be8ae001afa9b529384fd22814469cd4e7bc5b8c1255. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: abc26a4dae06f9fa3a58be8ae001afa9b529384fd22814469cd4e7bc5b8c1255
SHA3-384 hash: 0e9f6f6d77d6f35608120b4b06de757d7ee409bfd9250e9645d1e7cd58be971c384a23a48da985b11eceed94ca800055
SHA1 hash: c1237115121be0e24deb070e1ae7ce1ca0553063
MD5 hash: 097e31a6c66f40dd4ab7792d9c7bdac2
humanhash: uncle-pluto-fifteen-march
File name: RFQ NO 712962733.doc.exe
Signature: GuLoader
File size: 143'360 bytes
First seen: 2020-03-26 05:33:43 UTC
Last seen: 2020-03-26 07:35:43 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 800fe280b59e1cf8d0ec50d2973e0ece (1 x GuLoader)
ssdeep: 1536:t4vUPn1KIcIr8AXN/VdDOLLUgPmrlQFH6fWYedIF:tRsI79dmia628
Threatray: 1'855 similar samples on MalwareBazaar
TLSH: 6DE33C73BF628491E9054E711B1987994A367C30ECBAAB8B3741BF1F48F1A53D8B2315
Reporter: jarumlus
Tags: GuLoader

Intelligence


File Origin
# of uploads: 2
# of downloads: 84
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-03-26 02:22:35 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 26 of 31 (83.87%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews

ID | Capabilities | Evidence
VB_API | Legacy Visual Basic API used | MSVBVM60.DLL::EVENT_SINK_AddRef
