MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 035cca1ee500852ef7fda67e60c373ed2a57756c5fefa60ba7a05aae5b9021ab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 035cca1ee500852ef7fda67e60c373ed2a57756c5fefa60ba7a05aae5b9021ab
SHA3-384 hash: 20d6a6f5d05a4b2214ed5d4f5dff62648f696e60513bf640f9395d9aaa444c72e4303c1df14741cf96df9ff8592a3726
SHA1 hash: 8849e3c438c374a5207ba27b430e0d042301b5b1
MD5 hash: c0c5cca476b1a7f075f9c00c6c40f25f
humanhash: sierra-violet-lima-potato
File name:SecuriteInfo.com.Win32.Injector.ELON.26648
Download: download sample
Signature GuLoader
Create hunting rule
File size:221'184 bytes
First seen:2020-04-21 19:05:05 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 8c7edf39313f9eede6181308d2f779a1 (1 x GuLoader)
ssdeep 1536:0T0bhTwufJ/x/i8w75QgA8JjpRyFYZutFrv9HJX9m3ijMbx3hI7eEGn:OshTx7/5wK9OOztF7X9ubbyeEa
Threatray 739 similar samples on MalwareBazaar
TLSH 3B24E7826DB4A467C70846302EEAD7FEC21C3DD0E9D5C90F60807B5AEF7365A156292F
Reporter SecuriteInfoCom
Tags:GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
114
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Win32.Injector.ELON.26648.UNOFFICIAL
Create hunting rule

Result
Threat name:
Unknown
Detection:
malicious
Classification:
rans.evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/347374
Behaviour
Behavior Graph:
n/a
Gathering data
Threat name:
Win32.Trojan.Guloader
Create hunting rule
Status:
Malicious
First seen:
2020-04-21 18:13:38 UTC
AV detection:
25 of 30 (83.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=anomuhxfaccs5575uz7gbq3t5uvfo5lml7x2mc5hubnk4w4qegvq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
350b35550e10e3ed50b1337e8899ab2eb9c9cbae7c077027f52bab3c5266bb84
GuLoader
39067a6a8ac06d60189b34afbb9acd73e8e33aba91653c39a037c2f78f972f29
GuLoader
5d31ded12c6a8943f96522d5353af0d3bbb9a5ee81cef07db1c14c7cc0f117c6
GuLoader
5e627b14e776856c2904f622b43da929fbc41c1d0b753cd0f98913d8eeaf3544
GuLoader
5ff77cfc952a63f6c75709db72ca3ddd2b362bf416bb454957f3b8bfdbaafd50
GuLoader
75da456980b6c16a80a05269d6fee93bc18a242ebe0c7f9f014bad8828b09291
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
bf995a7e9baf77fa301cd9af7adece6147bff5397246ade2643b9305395a5612
GuLoader
c5f668176f1cc10b8351eaf2813cf2b2c07f5233eb39b319ef99afbf4179dd33
GuLoader
dea51f7f074a8d9b0e30626e11ca4a79de602da24ba64d0222ee1162a5fbb5ba
GuLoader
+ 729 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 035cca1ee500852ef7fda67e60c373ed2a57756c5fefa60ba7a05aae5b9021ab

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/347700/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef

Comments