MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1d67c5b17b0115be9c9213910f41e052d520c7f86a5b9373f145f8c5f2ded8e4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1d67c5b17b0115be9c9213910f41e052d520c7f86a5b9373f145f8c5f2ded8e4
SHA3-384 hash: b00020b6a2295d42fdbd4807233609eadfd3cc9d04510674292d9cdb4d17cb9ddf3215cc1934bcf4a87dd00b69d68a71
SHA1 hash: 1e6f8725a5c7ad4697402fe40261006837ad5213
MD5 hash: eff21c07fcd6583762fa349f67c460cb
humanhash: three-kentucky-bulldog-network
File name:DOC (1).exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:212'992 bytes
First seen:2020-04-22 13:27:06 UTC
Last seen:2020-04-23 16:04:28 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 45d384cce393ab6e6d760e9c3bc6cb55 (1 x GuLoader)
ssdeep 1536:hKyizO6u5Smfc6WE2vF1YP8aZJGQaf8OhrmAzYhx2FL2PQ1XpBe2um+WbzLj7TrI:h1F6u5zfc6W3i0aiPkOsaFJiW8WgV
Threatray 351 similar samples on MalwareBazaar
TLSH 3924F651B9709433C62846306EFBD3BAC2587DE4E9D5CA0F2090771AEF73A86546163F
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
6
# of downloads :
97
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.33709149.1091.31244.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Mucc
Create hunting rule
Status:
Malicious
First seen:
2020-04-22 12:52:55 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 30 (76.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dvt4lml3aek35hescoiq6qpaklksbr7ynjnzg47rix4ml4w63dsa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1ede635c9e8e470e911dc46b40300cd2e794703cedd0f5487d9677244864741f
GuLoader
350b35550e10e3ed50b1337e8899ab2eb9c9cbae7c077027f52bab3c5266bb84
GuLoader
4aeeacd6a9c14a9c0de9c89d4264cd72973b416a0704b44977d9ea399bbfb181
GuLoader
7e60af333b52731e98a3c49c7e0ecca12d86c8277f4e6f8f118fd021beb5acbe
GuLoader
8f6c9e3fe48707ed0446a2c90af1d3f6b10aab25b7cb60e78dda89f25b689cd3
GuLoader
9f025ec45dfd058e5cc1fe779756e56ba932db59263e33c8918aa15bf2ecf1f8
GuLoader
aa7b5def54c0b6de7931e50356aedec2dcea40167f6e0be83f257be9b35e262b
GuLoader
be45d144f539c0ef3ce8329cebcc9e26167f293bec1a9e82f5e7294a6fc17c5f
GuLoader
bf995a7e9baf77fa301cd9af7adece6147bff5397246ade2643b9305395a5612
GuLoader
f6cbd9ef6fbc0c2774a4bf2e43aa01804ee0294a453e8254f5a843a40051da31
GuLoader
+ 341 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments