MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d03f1c27dca16c26703aaecda761c60320fa3c0c69fc5d32bb20ccecd1d08d1d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d03f1c27dca16c26703aaecda761c60320fa3c0c69fc5d32bb20ccecd1d08d1d
SHA3-384 hash: fcb93b0977a2e478b36bb66c56cb0b57227498bc626f4146a92a1728004a55fd70a229b659f7e7773542e20427606f33
SHA1 hash: f6c2735d242d790dea5a97524bcbde73535234df
MD5 hash: 7d66015d04cf25cff470e9f9fa0bd326
humanhash: twenty-colorado-bacon-colorado
File name:ENQ NO. 42020.bat
Download: download sample
Signature GuLoader
Create hunting rule
File size:86'016 bytes
First seen:2020-04-29 04:08:03 UTC
Last seen:2020-04-29 05:46:23 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash d59c6db1967e9203164f9e7d26ea2ffd (1 x GuLoader)
ssdeep 1536:pdcd3QmLTHPImQvM3uEZtZssTxnnhTqdonoHoFDYt:XC37LLHQvCZvTxnhmOnosDa
Threatray 224 similar samples on MalwareBazaar
TLSH C6831852FAD0D071D23489F62B259696C09FFD350A108E0B79C97F2E663AE5BDB5030B
Reporter cocaman
Tags:bat GuLoader

Intelligence

File Origin
# of uploads :
3
# of downloads :
91
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.DownLoader33.37440.3244.2413.UNOFFICIAL
Create hunting rule

Win.Trojan.Vebzenpak-7740146-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-28 13:25:35 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2a7ryj64ufwcm4b2v3g2oyogamqpupamnh6f2mv3edgozuoqruoq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
28d5385136c2bb70ae04b2e7f2e7ddfb8d28307e6a9624040c9c10320cbe2a67
GuLoader
446edf48a9da4c88fc12dd56029813fb80b6348cc3882453812093b43d124e22
GuLoader
453dacb9349991ae41f06e03837a54f188f0c60869b2bd6c187a46629d4bbd55
GuLoader
5db81fec28fb5f72b263aa64872be19ba90ac3e37455df0fc08d67f1a22956af
GuLoader
91afdc32751f60081453bd451551cc81ec9eebc5f05ee9e7456de7cebd046af2
GuLoader
b1dea0e5769512552ec2d4ab63dc3a7377d7409e4651c15635dd64878f022e99
GuLoader
ba4b1ece1f0d42d229946e79fda474ea6d417b7f597bcea4199e0f2d0baea666
GuLoader
d1148a8f019b2b901f2c089bd7e77eb55c61efa5d6cbfb65e4fa1868476c9dfe
GuLoader
fc08b324eb3e3b9fb152071c2fad311075b0f1cfc9de5893d88aa2aa01e12b47
GuLoader
fd3963d42c527521324b840adccccb989b52eeafbfee16b562d2a2ea65f79193
GuLoader
+ 214 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar f44638e6474a1705c674210b0104afb6af90ba63b567961e2040b980fe0162ee

GuLoader

Executable exe d03f1c27dca16c26703aaecda761c60320fa3c0c69fc5d32bb20ccecd1d08d1d

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 f44638e6474a1705c674210b0104afb6af90ba63b567961e2040b980fe0162ee

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef

Comments