MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c81f953d604937a8fe980dd6c9076dfeba7678027034120859d03237bf3a19d7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c81f953d604937a8fe980dd6c9076dfeba7678027034120859d03237bf3a19d7
SHA3-384 hash: 024519ef1119eab5bf95ca63dcabc22797e5502e5baec09266122ec8ac616beec1003b16dcbdda2c70bde8223e04fec1
SHA1 hash: 5cb37452fc20c926a169e752d96556234da30528
MD5 hash: af647f9a0f5bc279dc2934b63102d9d8
humanhash: sixteen-timing-uranus-sink
File name:SecuriteInfo.com.Trojan.DownLoader33.35092.8533.23383
Download: download sample
Signature GuLoader
Create hunting rule
File size:221'184 bytes
First seen:2020-04-22 14:19:13 UTC
Last seen:2020-04-23 04:26:14 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 615fd34312f99b4a52e44b76d2e68818 (1 x GuLoader)
ssdeep 1536:bbO0ByYeUgzn7MGlD8drLnyG8UFtvBH8njzsTiu3DqC8jMbx3xxAOR3:bbBBeUg8egdv0UFTkztgqYbLKOR3
Threatray 563 similar samples on MalwareBazaar
TLSH 5424D5456DB8A467C71846305EEAE7B9C30C3DE0E9E4CA4F2080771BAF33696256653F
Reporter SecuriteInfoCom
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
93
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Guloader-7685587-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Guloader
Create hunting rule
Status:
Malicious
First seen:
2020-04-21 14:08:50 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=zapzkplaje32r7uybxlmsb3n725hm6acoa2beccz2azdppz2dhlq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
268953af63bad4895dd06c024fd1ec2af2c134623a0e100e26894e4d6bab741e
GuLoader
2d403f971f502d2423b11dcca6424edc460b6c290cb76107d7f36a37565791e8
GuLoader
39067a6a8ac06d60189b34afbb9acd73e8e33aba91653c39a037c2f78f972f29
GuLoader
5d31ded12c6a8943f96522d5353af0d3bbb9a5ee81cef07db1c14c7cc0f117c6
GuLoader
7ab96517f6852c124c82edf441496b2f005b11a4d1feb92f9cbfa2a2bffd1acb
GuLoader
87118544ccf437b351bc119d8e33b9f74fc718c7b4c524ad37d8153bc1f043ee
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
bbbc1a46aa7998a12dc9b13c29b5204b784669e60d8bb1d05fbf2741abf68342
GuLoader
dea51f7f074a8d9b0e30626e11ca4a79de602da24ba64d0222ee1162a5fbb5ba
GuLoader
fe6778684fe56f143efd0bfae3e127f0c615f11d47e302e68a9eb1f83f7a6511
GuLoader
+ 553 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe c81f953d604937a8fe980dd6c9076dfeba7678027034120859d03237bf3a19d7

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/348032/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef

Comments