MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1e69b9f6dc891618bed32c776bb20ffc62b8ca9700241a145eb4246c23d864a4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1e69b9f6dc891618bed32c776bb20ffc62b8ca9700241a145eb4246c23d864a4
SHA3-384 hash: c36b15cd2ebf2f6f0f386a45a3f5ca0b66f76953800fb1015157eb6cd1af7f41ada0c7fc9cd076a58c586a6ae261e8b4
SHA1 hash: 487347bda0ed9ac34edf10d1f14aa764ed566118
MD5 hash: 1361c262eeb5fe63c0638bd5728e9b73
humanhash: india-burger-pasta-network
File name:New Order (PO S057804).exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:86'016 bytes
First seen:2020-05-01 18:00:34 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash aa43fc6a241c901d8d5f5b5b056e2fc4 (1 x GuLoader)
ssdeep 768:DfDijvA8vpNGT81GN869s3LlESigI2kfma8/:7WjvA8vpw8ogESigI2Bj/
Threatray 280 similar samples on MalwareBazaar
TLSH 5F83F82ABEA8E636D50586F51E19E2E441B5FC364D05490BFB84BF2F3B31953E90039B
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.ProtectSharewar-2
Create hunting rule

PUA.Win.Packer.ProtectSharewar-3
Create hunting rule

Win.Dropper.LokiBot-7734010-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-01 00:34:50 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dzu3t5w4relbrpwtfr3wxmqp7rrlrsuxaasbufc6wqsgyi6ymssa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1218e6f611d06cbf81e8b72e9c1fab06d8d54c5a7b6ce49e4e26bf86ec1807b2
GuLoader
396c67d17bdba56c29d4774991879313c236e9db5b9e1173f322d1bd3194edd1
GuLoader
6dd4cc2127fa0f8b93d7f95ab3bc644d317ec7510de4d92d7a1daa8eaf54cdb6
GuLoader
7e60af333b52731e98a3c49c7e0ecca12d86c8277f4e6f8f118fd021beb5acbe
GuLoader
9b77dffb83a26f126a334f4dd9de9c8a21802a1b05de3067584ebfa25826f9fa
GuLoader
a5e798492ba6892a57c79c635679563eceacb6d1efcc38f5dfc0232518861ca8
GuLoader
b9e80d2e7af4a98e04149a178f065f16e08f1c8807d01a0c8e6fe694bc8bf53d
GuLoader
ecd4eb939a0fbab100729b6833c67c9fa96416073bf36f82b06393fdd12dd045
GuLoader
f5b55fe9b33435e6a2053e16b843b5e89f3f4f3c8dfaf778386f2896b5ec4b7d
GuLoader
f6cbd9ef6fbc0c2774a4bf2e43aa01804ee0294a453e8254f5a843a40051da31
GuLoader
+ 270 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments