MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 145fe82f875fa5dffa93f13326c20badef3d69187f55ffb85bc0d89172c5ce11. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 145fe82f875fa5dffa93f13326c20badef3d69187f55ffb85bc0d89172c5ce11
SHA3-384 hash: 138ec093510f14e846731554b37e15517708398280ee43fbde25af87752edd8f27e6ca1d7aba8f2a162d6e2649a57be5
SHA1 hash: 96a3c0c132ead1495078f5ca4ab95eaa45ff4d6f
MD5 hash: 748602b9156d21bad56b0258ac0233b2
humanhash: cup-utah-solar-robert
File name:Scan PO 961451.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:102'400 bytes
First seen:2020-03-31 16:40:21 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash fbd421dbebf1cdf0a74eb13ed1444698 (1 x GuLoader)
ssdeep 768:d2RJSAxmokVEI6XrQKPbFCZ93i61fOJ8r2vceohwpV6E2nuyp0JDtBl:cVmokWrbPpS9y61fOJ8pe9V6N7Wx
Threatray 4'935 similar samples on MalwareBazaar
TLSH 9EA3C712FA00BC64E5384EB69B71979C235A7E356E496E0335C83EDF7BF11607002A9B
Reporter cocaman
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Remcos-7647550-0
Create hunting rule

Win.Trojan.Ponystealer-7648176-0
Create hunting rule

Win.Dropper.Remcos-7683428-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-03-31 17:55:44 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=crp6ql4hl6s576ut6ezsnqqlvxxt22iyp5k77oc3ydmjc4wfzyiq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
02b10c6690bd0ed3e9b675553519df78a7ede63a398d68304043eacb691fd305
GuLoader
1db7fd03dd728cf21ada9d1bed2921bb70104a77935ad50aaa0851d4a6d3ccb5
GuLoader
223bbe1af0d09289a1ebeddf78e3218fcae28d0a69c291d66fee5fa29337844a
GuLoader
3bd58e3b3fe712e8d7595cfbd576a96251c68a5dac230bd3e778640e8eb817ec
GuLoader
5e09510e834b75413af64e013eda43df867fab6080facf4227a08ca64861a244
GuLoader
68739817fe82121fcedf1092eca699f59941678ddd9622062c8d40c200bef82f
GuLoader
688ac9fd686d48bc6fec56f27e814c48d7849f548ef14d763dd446b61140c388
GuLoader
6b1c79f707bb3089e1568373e8751022e8fc6cf14a318f58041a247c97ccf317
GuLoader
a88caf11b01cea311aca13b6e757a8974d5033e1acb8749b9d1951ed0d93d44c
GuLoader
f9a4827b1355e83175a1ff06792046f8f81e7140748600743636a7725f9a79c5
GuLoader
+ 4'925 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar dfc463b9f6217a2c3375e0bd7da6796feb7b29b7b7975586bc14f3c1a5c11c2f

GuLoader

Executable exe 145fe82f875fa5dffa93f13326c20badef3d69187f55ffb85bc0d89172c5ce11

(this sample)

FormBook

Executable exe f9a4827b1355e83175a1ff06792046f8f81e7140748600743636a7725f9a79c5

  
Delivery method
Other
  
Dropped by
SHA256 dfc463b9f6217a2c3375e0bd7da6796feb7b29b7b7975586bc14f3c1a5c11c2f
  
Dropping
SHA256 f9a4827b1355e83175a1ff06792046f8f81e7140748600743636a7725f9a79c5
  
Dropping
MD5 fae1b4e5f56cc0624b29527a45a9206d

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaErrorOverflow

Comments