MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bf995a7e9baf77fa301cd9af7adece6147bff5397246ade2643b9305395a5612. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bf995a7e9baf77fa301cd9af7adece6147bff5397246ade2643b9305395a5612
SHA3-384 hash: 1df5d1d836c27905abaa008833f2e10fd7f033342b7156c9182bf14bf8f54b476b05cdf4e3e37e3464decd619fef69c4
SHA1 hash: e16e0c50f7193e6d12631bebb175177e694563f0
MD5 hash: 98d0d7a13ce7e40225e6284889378e64
humanhash: robin-fruit-freddie-video
File name:SWIIFT COPY.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:212'992 bytes
First seen:2020-04-23 04:41:01 UTC
Last seen:2020-04-23 05:42:34 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 0b2d7571631e5ee292fc0e3d5a7626c1 (1 x GuLoader)
ssdeep 1536:L95cjvsafcPgRJ8Rdy+ZI8qu9W1YZ10PQnUVp9LjrzLoA4QIgJBZRph5WOGe2ufu:L9CCkmRvZnqQP0uUHtflsIc9
Threatray 419 similar samples on MalwareBazaar
TLSH 7924F6567E70A523C21046306FE6D3B9C3587DE0D6D5CA0F31903B1EBE73A82596A62F
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Bifrost-7686745-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Androm
Create hunting rule
Status:
Malicious
First seen:
2020-04-22 09:01:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=x6mvu7u3v537uma43gxxvxwomfd375jzojdk3ytehojqkok2kyja._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1d67c5b17b0115be9c9213910f41e052d520c7f86a5b9373f145f8c5f2ded8e4
GuLoader
350b35550e10e3ed50b1337e8899ab2eb9c9cbae7c077027f52bab3c5266bb84
GuLoader
3e9112b343c87d170c86000f87788f3a19422e24ca9bb3681d9ea83fe513e5f5
GuLoader
44cac425f9daa34c012650bb145870ee3df2d1f5a87da9d58d20539ad8f51f10
GuLoader
7e60af333b52731e98a3c49c7e0ecca12d86c8277f4e6f8f118fd021beb5acbe
GuLoader
87118544ccf437b351bc119d8e33b9f74fc718c7b4c524ad37d8153bc1f043ee
GuLoader
9f025ec45dfd058e5cc1fe779756e56ba932db59263e33c8918aa15bf2ecf1f8
GuLoader
aa7b5def54c0b6de7931e50356aedec2dcea40167f6e0be83f257be9b35e262b
GuLoader
bc7839a9de72c7c7640d259622d1e1b0ed7ebb326a9db7fe45a6ac5abd380aeb
GuLoader
f6cbd9ef6fbc0c2774a4bf2e43aa01804ee0294a453e8254f5a843a40051da31
GuLoader
+ 409 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments