MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0dda0b606410793cddaee636a8ca1e1597b000c3c19ef24cd217097944998d4e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: 0dda0b606410793cddaee636a8ca1e1597b000c3c19ef24cd217097944998d4e
SHA3-384 hash: 2f8894cd11df9432716f9721218e5917bf4191826eb4e09f1b45a6f126ae8a0716175cebae90a871ef41971b51d376e6
SHA1 hash: 258bae64c4ce5f4e35dd64b02f132e0fdc1247d2
MD5 hash: bb579de42bb35dd2a2534197d28bf7f0
humanhash: mississippi-skylark-angel-papa
File name: souq_customer_information_covid-19_April2020.exe
Signature: GuLoader
File size: 98'304 bytes
First seen: 2020-04-07 18:55:31 UTC
Last seen: 2020-04-07 19:45:09 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: c469be9e9801b1f5c4363d928511335d (1 x GuLoader)
ssdeep: 768:JunzYmz7jrTqSaCKy5hpR5BYhIQ/EpkNzKQGaQ+AW5one39N/yJDOsQka0S6R2fo:mEn0mzKaTzOiN/Ija0S6IVW
Threatray: 346 similar samples on MalwareBazaar
TLSH: E9A3C822B994FDC1F8144EB24A7B9FEC42E6BC346D413A0379C43B3E38355457AA2B56
Reporter: abuse_ch
Tags: COVID-19 exe GuLoader

Intelligence


File Origin
Number of uploads: 2
Number of downloads: 92
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-04-07 19:36:40 UTC
File type: PE (Exe)
Extracted files: 6
AV detection: 26 of 31 (83.87%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
Executable exe 0dda0b606410793cddaee636a8ca1e1597b000c3c19ef24cd217097944998d4e (this sample)

Delivery method: Distributed via e-mail attachment

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID                  Title                                                     Severity
CHECK_AUTHENTICODE  Missing Authenticode                                      high
CHECK_NX            Missing Non-Executable Memory Protection                  critical
CHECK_PIE           Missing Position-Independent Executable (PIE) Protection  high

Reviews
ID      Capabilities                  Evidence
VB_API  Legacy Visual Basic API used  MSVBVM60.DLL::EVENT_SINK_AddRef

Comments