MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 daa158b480191b5e1fe7c641eaab842dc516ad2e7c1a094adf204fa92b6529ef. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	daa158b480191b5e1fe7c641eaab842dc516ad2e7c1a094adf204fa92b6529ef
SHA3-384 hash:	e101fc505a9e95730de45de1dc267104fc3ea1451f837b9da8c9c16824d19151d1e9b71ae739b0f3d5dcbc4b25622f06
SHA1 hash:	b99338f64551aa184eb305b723108598382dbe2b
MD5 hash:	ad0b0c8d9719f476479abab7ee1a4c2a
humanhash:	football-nebraska-lake-monkey
File name:	SecuriteInfo.com.Win32.Injector.ELOQ.13681
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	196'608 bytes
First seen:	2020-04-22 13:10:40 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	2a32692336d45b7bed5f32325b61dd85 (1 x GuLoader)
ssdeep	1536:6YTj49LsWNpW7YxXJ/83qkls/8KIgTNYgR/fVRjIJijX2lknWG:7jYLBtZE3z2EK6ifppWG
Threatray	164 similar samples on MalwareBazaar
TLSH	68142A80BE70D4B2C21406306ED9D77AC3A47EE5DAE1C50F2400772FEE722D669A956F
Reporter	SecuriteInfoCom
Tags:	GuLoader

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Win32.Injector.ELOQ.13681.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Fareit

Status:

Malicious

First seen:

2020-04-22 10:14:27 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

23 of 30 (76.67%)

Threat level:

5/5

Verdict:

malicious

Label(s):

guloader

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

exe daa158b480191b5e1fe7c641eaab842dc516ad2e7c1a094adf204fa92b6529ef

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/348120/

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
VB_API	Legacy Visual Basic API used	MSVBVM60.DLL::EVENT_SINK_AddRef

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample