MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0e72431bb3f2c1d3fe29a14c82437c83ffbadcef763467e89137a3fac2a736b7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0e72431bb3f2c1d3fe29a14c82437c83ffbadcef763467e89137a3fac2a736b7
SHA3-384 hash: 493676b8b581afc9b15fdc347eaf53bdd8d47ed5fd21f74e05ae07183ddb84c76f18a303a0048e26aadc7bbd9c9d476a
SHA1 hash: 76e21abdbd35b36e0df2319c67b24cfb665920a9
MD5 hash: 41ec91ad7e8475898909ac0389316e5d
humanhash: lemon-alpha-robin-bulldog
File name:SecuriteInfo.com.Trojan.GenericKD.33606040.6878.2611
Download: download sample
Signature GuLoader
Create hunting rule
File size:102'400 bytes
First seen:2020-04-04 06:31:02 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 3a46ff7724a30037b1479e1c4dc8f3d0 (1 x GuLoader)
ssdeep 3072:JOlTHpppp7ppppp4/ppppppppppppppppppppppppppppppppppR5YW:J2Z4
Threatray 640 similar samples on MalwareBazaar
TLSH E8A3F722BA94FE11C8044EB19E7A87EC8124BC30AD056B43BAC13F7E39715D6B951F67
Reporter SecuriteInfoCom
Tags:GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Packed.Generic-7647392-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Noon
Create hunting rule
Status:
Malicious
First seen:
2020-04-03 21:27:21 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
35 of 48 (72.92%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bzzegg5t6la5h7rjufgieq34qp73vxhpoy2gp2erg6r7vqvhg23q._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0829886e0ca34a32fa545e0a53d7a2208d963b7b826a14aefde94d9ff4f549e5
GuLoader
08f3b51c8493c5ed8948ab35c956a465e0043094248d2f27a5d8fa9a696e3cbf
GuLoader
278593e60722d691fe1b23b22cab15294662bbd2ef8ca1ba8e80ca78e872a813
GuLoader
314083c1c0f3453c1a2bf9e88d71b193e5ce26deccb61deec9db2c5c5c273118
GuLoader
8d1b83eff1b3c604365fd29de1bb43204852de842c0bb148975fe7a7485310e4
GuLoader
927a8d1445750400db3850d0b2dc3522b0f373098385373efa3d7762120f3689
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
c653365657fbf65429ad845d0a0d93106e972aca929739560ff4b4796bd2be08
GuLoader
f3ba5d0b27ff406dcd1c624aee919f394d231b878f040ec23e36c7f0cf81df99
GuLoader
f6c6a59c54373d9a49e7a5a7aa859d6bda9f5826e4bb652f5898fa78c8748f39
GuLoader
+ 630 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 0e72431bb3f2c1d3fe29a14c82437c83ffbadcef763467e89137a3fac2a736b7

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/334705/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef

Comments