MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f95099f59ee1cd2f4b432c8698da05d7517c17d122ee3682900e9ee107574561. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f95099f59ee1cd2f4b432c8698da05d7517c17d122ee3682900e9ee107574561
SHA3-384 hash: a54113b785dee7271193a4309ed9f7286fd95752a50e251f6e4ea506e26b30916042bee13ba128ce4c48109381f172e1
SHA1 hash: 16b7b200168ccfae8c81ab1ee7575a87bad394a6
MD5 hash: ac2ea82607faef5ec2b226fdeb234280
humanhash: hamper-delta-moon-muppet
File name:Fleabu1.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:143'360 bytes
First seen:2020-03-27 15:36:49 UTC
Last seen:2020-03-27 17:39:22 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 6ed607ccd45cc8942382c146eebfadff (1 x GuLoader)
ssdeep 1536:tUosCryJVVoH9dkR2RKfSFwFUOUfjmKWFqzxaOIlZ:tZAVVuFcfAOUfSzFxOU
Threatray 978 similar samples on MalwareBazaar
TLSH 84E33A23B8619804DA445A710F1682842624EC21FD626DCE76D63BEDCEF4F1BD6D23B7
Reporter James_inthe_box
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.VBGeneric-7646045-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-03-27 15:36:38 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 30 (83.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7fijt5m64hgs6s2dfsdjrwqf25ixyf6relxdnauqb2pocb2xivqq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
006bb451c7207fa375e67a1684a97136a46beea1ff74e193eb4bbf6665a0ec9b
GuLoader
0e7ec69a6222b2753c0167997838b380acfd47834a6d1e7dd2475fd4fe07d63c
GuLoader
15c365dfb62dc041e46ede5ae90f2e0966d1000b5936f0ed5d68f5d10e813171
GuLoader
2ed2a56967e7cb3e18b8b2cb910b9e6d356a52a9b65a05309c36ec62fa09773c
GuLoader
9bebd6b8400a02ec36958c8cf06d3abc659b462d482fca3df8a3a64e42b3e234
GuLoader
9d545cae8b73e11800aaf794b2919bb8972511e4e217eaf1a51c3f38c17bb412
GuLoader
a570592bf5a21c1f55712fcec60a0536fedabe28b409d9a48fdc499185e154ff
GuLoader
d39c281b0ee2731cebd814b01c5772faf104ef40e2e16e0e56d3f3f716bc4209
GuLoader
f17d48c8d179de191e519fa908648b977c09f91803b898d8e4fada52e423a8df
GuLoader
f1ba59863abc7d03f67577aa4b75ab121608c76433981f394651f2b327914e9c
GuLoader
+ 968 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef

Comments