MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0603ab9e9dc5a76e493232f85c474f3a7e9eeaa937158916b7df9466dc01106f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: 0603ab9e9dc5a76e493232f85c474f3a7e9eeaa937158916b7df9466dc01106f
SHA3-384 hash: 1e92538593e89afa08ffbe325bedfdb8875cf41fbd1fec8b64bf90a66d2c6ed4b51c78b2693c1eb8a6f606cf80b0a14f
SHA1 hash: e25eb0ead2e873764ce33d5a1bb7c1264b302189
MD5 hash: 03a45b82704a9dfd862bde8714f5b581
humanhash: october-three-california-east
File name: RFQ7809913.doc.exe
Signature: GuLoader
File size: 102'400 bytes
First seen: 2020-04-06 04:59:11 UTC
Last seen: 2020-04-06 06:30:21 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 9d14c3df07f5bf086f7f1c1caa8a9345 (1 x GuLoader)
ssdeep: 768:p9R0tCIYXJDSdmX6AFacCeiMvBe81kp0295gDI+A:B00IYdZDacCeieah
Threatray: 423 similar samples on MalwareBazaar
TLSH: BEA3F6127A60FE55C5044E714D77CBFC8224BC74AD426A13BAD43F6E7A70181B692F87
Reporter: cocaman
Tags: exe GuLoader

Intelligence


File Origin
# of uploads: 3
# of downloads: 89
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-04-05 23:05:28 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 26 of 31 (83.87%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 0603ab9e9dc5a76e493232f85c474f3a7e9eeaa937158916b7df9466dc01106f (this sample)

Delivery method: Other

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews

ID | Capabilities | Evidence
VB_API | Legacy Visual Basic API used | MSVBVM60.DLL::__vbaObjSetAddref, MSVBVM60.DLL::EVENT_SINK_AddRef, MSVBVM60.DLL::__vbaLateMemCallLd, MSVBVM60.DLL::__vbaErrorOverflow
