MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dcf5521ac420d05a5ad5590673c275b37a4720496c08fa225fa695141a809867. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dcf5521ac420d05a5ad5590673c275b37a4720496c08fa225fa695141a809867
SHA3-384 hash: 768423e80f0104dcb30529f43a7a1b67b2e8ba16e5446bd9caf1c22bd80d8815759bc8d3cb708a125fe5fb2546d8590d
SHA1 hash: f8da1a7ef3391a50c1999d1091f331d64963dfa4
MD5 hash: a86db71b141f0b3c4b063b5e642aa6d8
humanhash: avocado-oregon-uranus-butter
File name:Invoice & Packing List No. 650 BY ICD.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2020-04-02 04:36:47 UTC
Last seen:2020-04-02 06:08:28 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash db6712c3f2411f60227618d524760b35 (1 x GuLoader)
ssdeep 3072:CDjEW7+hqJblul9OesPh1majzdvkrxqO+uTpB:CDJ7+0J
Threatray 1'424 similar samples on MalwareBazaar
TLSH EEB3F752B681C945C4040CB2BF22C3FC5169BD329D48AE4731D53F6EBBB62E5E151B8B
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Fareitvb-7646381-0
Create hunting rule

Win.Malware.Filerepmalware-7646386-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-02 05:36:12 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=3t2vegweedifuwwvledhhqtvwn5eoicjnqepuis7u2kriguatbtq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
006bb451c7207fa375e67a1684a97136a46beea1ff74e193eb4bbf6665a0ec9b
GuLoader
09476389f92f23216cbb99cf3dce7e07deee2fdc29d63b066aef91e9b1a78197
GuLoader
15c365dfb62dc041e46ede5ae90f2e0966d1000b5936f0ed5d68f5d10e813171
GuLoader
2ed2a56967e7cb3e18b8b2cb910b9e6d356a52a9b65a05309c36ec62fa09773c
GuLoader
6f47b4825836d58654b05deac55c892825a83e479c406b9b027a0dc6bd8e3938
GuLoader
9bebd6b8400a02ec36958c8cf06d3abc659b462d482fca3df8a3a64e42b3e234
GuLoader
9d545cae8b73e11800aaf794b2919bb8972511e4e217eaf1a51c3f38c17bb412
GuLoader
a570592bf5a21c1f55712fcec60a0536fedabe28b409d9a48fdc499185e154ff
GuLoader
d7162b14867eff2ee6b1c0506f91c4e8c1a1cea0ddae632bd49156a179549772
GuLoader
fd70366a0abed417301e2a312927e5697e8ded01a50c830b408978fb61ff9241
GuLoader
+ 1'414 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaLateMemCallLd

Comments