MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ecbbdea89347df30a9575353b8886499a88d30f5606f60c922c62e4a56637c74. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ecbbdea89347df30a9575353b8886499a88d30f5606f60c922c62e4a56637c74
SHA3-384 hash: 968d86725de9a0cd859d6b618bfd01fb9d2b21c427b69f7aa1f6dca8152e043ab05e7273546c9e41a056a45c721e0345
SHA1 hash: aa3d2c07f0144b03b21aefc93905f06e9c34276a
MD5 hash: 45bccc1f83936d1344d461c0ea46baed
humanhash: bravo-diet-fish-rugby
File name:Invoice.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:61'440 bytes
First seen:2020-03-10 20:04:03 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a563fe575f98a64cef6ba4722908abb4 (1 x GuLoader)
ssdeep 768:wMZ71tz9NhgdT1VnnGsxNtcXPlB1JcSU5C:wKv9niT3nnGy4JcSU5C
Threatray 867 similar samples on MalwareBazaar
TLSH CF53B737EB586E1DF065A7396EF3C63863AF5E14D729650610A43AC936B27080FB01BD
Reporter cocaman
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.ProtectSharewar-2
Create hunting rule

PUA.Win.Packer.ProtectSharewar-3
Create hunting rule

Win.Trojan.Generic-7614798-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-03-10 13:31:12 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
27 of 30 (90.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5s555keti7ptbkkxknj3rcdetgui2mhvmbxwbsjcyyxeuvtdpr2a._file
Verdict:
malicious
Label(s):
netwirerc
Create hunting rule
guloader
Create hunting rule
Similar samples:
032624661ba64ab1c3ca40a7a47b3635ee6b6a3442ca6bfb7a41a4a8de7b0fb5
GuLoader
0c017b57d7f1cbfa01f54deb15b7f04b8923acd4585435050589b1762856247e
GuLoader
3df464cdb09ec8aed7589b31541a291c9b921f49b2cc97aa34d363161366db8a
GuLoader
460aa0fd440b1acb5aa90b5667d4c387494f6622014e5d4115b1e3b6b080c5c0
GuLoader
4d0dfe01c27dfd2c35464a3f435cfb4cad6e996d6fc407cc8f10fc0b3d0692fe
GuLoader
5cd5f57afb04ba3ce4e5aaee5a7fa7d10b24a334e30911a49a4cc4cb52982848
GuLoader
a1eec13238d8aeff47e2544402482dae53aed3617e73a5e757746db56cc3f353
GuLoader
c76654971c4af60511d3583a3bd00c673904569aa93973687e14e95b9e80de6f
GuLoader
d3aa9fd1ed4af3cc3a49e612b93a03f799ada340c1c086f7403448fe77115bb1
GuLoader
e7cf4a0d3f94afea480bf5e64a658029d02191330244697ba9afd81dd5b56386
GuLoader
+ 857 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ecbbdea89347df30a9575353b8886499a88d30f5606f60c922c62e4a56637c74

File information

The table below shows additional information about this malware sample such as delivery method and external references.

zip 3fdc7380613344c2b9458117b45028516709b68c2b3ed296ac688378a46caae6

GuLoader

Executable exe ecbbdea89347df30a9575353b8886499a88d30f5606f60c922c62e4a56637c74

(this sample)

  
Dropped by
SHA256 3fdc7380613344c2b9458117b45028516709b68c2b3ed296ac688378a46caae6
anyrun
any.run
https://app.any.run/tasks/3769ff65-7340-4539-8d3f-08670a5bfe3e

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments