MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f5b55fe9b33435e6a2053e16b843b5e89f3f4f3c8dfaf778386f2896b5ec4b7d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f5b55fe9b33435e6a2053e16b843b5e89f3f4f3c8dfaf778386f2896b5ec4b7d
SHA3-384 hash: 9b786d640da289dd08d607c9d8ae72a59f053ee1ccde416f576e4a97cfa2a7976bae2eb0dccbffa10456ac5cb526829a
SHA1 hash: 2ab402350a297a2264a9766fdc1b803abce01271
MD5 hash: 41fdddeb0efcc8362b233dee707cd302
humanhash: ohio-cold-comet-massachusetts
File name:PO-WL2340202011.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:196'608 bytes
First seen:2020-04-23 04:33:09 UTC
Last seen:2020-04-23 05:42:43 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 864cbc3a0de3eb2620b5d0f72dfd77fd (1 x GuLoader)
ssdeep 1536:dyCJPiJEv9rBUm/xzrX8YDjfNk9vnwyY+HitA5qYJrCKMsh+KAyc:dypJivMYPFk967twqwrJYf
Threatray 751 similar samples on MalwareBazaar
TLSH 48141A41BD70D8B2C6204631BAE9D3BAD3997ED0D9E4D68F3040B72EEF7318265A151E
Reporter cocaman
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PackedENT.154.2338.19857.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-04-23 02:15:54 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6w2v72ntgq26niqfhyllqq5v5cpt6tz4rx5po6byn4ujnnpmjn6q._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1d67c5b17b0115be9c9213910f41e052d520c7f86a5b9373f145f8c5f2ded8e4
GuLoader
1f93e9ec506b2df6670b01905f5c42e05d7c2b4dbf44e37d82ee8050528d961d
GuLoader
350b35550e10e3ed50b1337e8899ab2eb9c9cbae7c077027f52bab3c5266bb84
GuLoader
44cac425f9daa34c012650bb145870ee3df2d1f5a87da9d58d20539ad8f51f10
GuLoader
4b79517cb074bc6373746e02781c160ead8344de3370bc518d63abe7d6a8b579
GuLoader
67aa5b86db90b286266d57324824825453a9db72b15414ee064dbf01085d00b4
GuLoader
77aa8e597d8c1b23af6c98a85e717edde17106fdb806ceadc6cedef510b9e7c8
GuLoader
7e60af333b52731e98a3c49c7e0ecca12d86c8277f4e6f8f118fd021beb5acbe
GuLoader
abb556afbfe3d5af87a2eea4a20e036896db78bfc4b30b7fa8cba8db866d364f
GuLoader
f6cbd9ef6fbc0c2774a4bf2e43aa01804ee0294a453e8254f5a843a40051da31
GuLoader
+ 741 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 79bb24ba57d272d755f04ba33e11a6d673af0f2047fa34c319e2046ba5b3f234

GuLoader

Executable exe f5b55fe9b33435e6a2053e16b843b5e89f3f4f3c8dfaf778386f2896b5ec4b7d

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 79bb24ba57d272d755f04ba33e11a6d673af0f2047fa34c319e2046ba5b3f234

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef

Comments