MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 db740f36a91f4fa311184714bdb059022ba29a054975db509a5bb782eb542533. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: db740f36a91f4fa311184714bdb059022ba29a054975db509a5bb782eb542533
SHA3-384 hash: 226accc3ee483b09d6a16497db9ea3d77ec4c29abd556d794ad2aa52d7f5c67f73fbf493b38b86c095df0ceed31c207e
SHA1 hash: 05dbab643a66a9f20f87abd5d68b2f852c5b31bc
MD5 hash: c1d18ab802203f7003c91cd1aa05c8ab
humanhash: social-aspen-october-high
File name: COVID-19 PREVENTION A.bat
Signature: GuLoader
File size: 118'784 bytes
First seen: 2020-03-19 18:34:58 UTC
Last seen: 2020-03-23 18:23:42 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 4050a3e3e57dfff413a8b7e452c8be57 (1 x GuLoader)
ssdeep: 1536:qWK4vIJHief2s1VgalM/P9Xs8MNSUkQkKJMOtRVcdzoa:R/kCeOV+87OkHOtEdzoa
Threatray: 1'468 similar samples on MalwareBazaar
TLSH: 5BC37B82FB90D46BD1188E3EBC46D293050BBCA578D3E94B39987B2E79F40A1CF5D611
Reporter: ov3rflow1
Tags: bat GuLoader

Intelligence


File Origin
# of uploads: 3
# of downloads: 84
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-03-19 21:04:06 UTC
AV detection: 26 of 31 (83.87%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other

BLint


The following table provides more information about this file using BLint. BLint is a Binary Linter that checks the security properties and capabilities of executables.

Findings

| ID | Title | Severity |
| CHECK_AUTHENTICODE | Missing Authenticode | high |
| CHECK_NX | Missing Non-Executable Memory Protection | critical |
| CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high |

Reviews

| ID | Capabilities | Evidence |
| VB_API | Legacy Visual Basic API used | MSVBVM60.DLL::EVENT_SINK_AddRef |

Comments