MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1e22fffb30866578e2bae67b3a138e194853123914d5fa82440f6a2058bfdb3e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

SHA256 hash: 1e22fffb30866578e2bae67b3a138e194853123914d5fa82440f6a2058bfdb3e
SHA3-384 hash: 895be07e7a5fa617855c3ccca561d5d2c74522a1333fff3a0867f77340dbc87024e101d5a6aeddf24f5e496b02baf312
SHA1 hash: 74b678e54a9b976c27a45e5b3d2564692ec6d937
MD5 hash: 4e279debef2a5ca57de91cf5416c07be
humanhash: moon-lithium-michigan-alaska
File name: SecuriteInfo.com.Backdoor.Win32.Androm.C4041802.1483
Signature: GuLoader
File size: 81'920 bytes
First seen: 2020-05-01 18:01:00 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 487f2947464ddf2ae0b693f67f7f3ba3 (1 x GuLoader)
ssdeep: 384:DBaQy5nVem12m2JZNKPFALtPOTSwlmjvsktooxUfynaKnIOFMAiCWBPHHqxLf7Oo:DBaQyhcm1ksSsZ8vtHPaZOFMjtbu
Threatray: 835 similar samples on MalwareBazaar
TLSH: D2834B01B6F8E573CA3C86BA4E26DAD9015EFC302D21C90776593B7E5B32D49E910B1B
Reporter: SecuriteInfoCom
Tags: GuLoader

Intelligence

File Origin
# of uploads: 1
# of downloads: 87
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-01 15:29:48 UTC
File Type: PE (Exe)
Extracted files: 2
AV detection: 25 of 31 (80.65%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information
The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download (distributed via web download)
Signature: GuLoader
File: Executable exe 1e22fffb30866578e2bae67b3a138e194853123914d5fa82440f6a2058bfdb3e (this sample)

BLint

The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID                  Title                                                     Severity
CHECK_AUTHENTICODE  Missing Authenticode                                      high
CHECK_NX            Missing Non-Executable Memory Protection                  critical
CHECK_PIE           Missing Position-Independent Executable (PIE) Protection  high

Reviews
ID      Capabilities                  Evidence
VB_API  Legacy Visual Basic API used  MSVBVM60.DLL::__vbaObjSetAddref
                                      MSVBVM60.DLL::EVENT_SINK_AddRef
                                      MSVBVM60.DLL::__vbaLateMemCallLd
