MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 23eb70abd818d93364ae2f896425d05fd38788c54429f874fabade1671b267b6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	23eb70abd818d93364ae2f896425d05fd38788c54429f874fabade1671b267b6
SHA3-384 hash:	3d24a4b42f0c9bd367fa0780441aa798402bde039a859e37d19fe5dfa4ebe598e5e2913ae0359f5b56dd8cefbfb7f726
SHA1 hash:	a3244de81240787a0ac1a29324cc90ea9ed6b651
MD5 hash:	f49862e3925c890dfcf90069bbbec4c3
humanhash:	echo-ohio-wisconsin-nevada
File name:	Credit Note_#00002891346_Wilhelmsen_Ships Service Ltd_pdf.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	77'824 bytes
First seen:	2020-03-20 07:10:37 UTC
Last seen:	2020-03-20 08:30:12 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	ca5c698467ccc746366a8b1f3e24459d (1 x GuLoader)
ssdeep	1536:xM8DgIpQq3RH8vtlacGrCugPQIehcxkxR:9gIiA6tlacGrtgPw2kxR
Threatray	1'452 similar samples on MalwareBazaar
TLSH	27737C07F740EC76CC58CB3F6C4AD6A016177C256991DB973698BB1FE8F00618E69A2C
Reporter	jarumlus
Tags:	GuLoader Lokibot

Intelligence

File Origin

# of uploads :

# of downloads :

254

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Trojan.Vebzenpak-7640209-0

Gathering data

Threat name:

Win32.Trojan.Injector

Status:

Malicious

First seen:

2020-03-20 03:44:00 UTC

AV detection:

25 of 30 (83.33%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=epvxbk6yddmtgzfof6ewijoql7jypcgfiqu7q5h2xlpbm4nsm63a._file

Verdict:

malicious

Label(s):

lokipasswordstealer(pws)

guloader

GuLoader

2b419f986ea266fa5826fbb6858782f7c2acfda73aa5ec5cb21d64537d6a4ea1

GuLoader

89e54f19c04bb28c90f0ee75419a149c8178f9841435a20be727506d0c9506d3

GuLoader

8e73f4dbd13dd1cf8475bab8fae351b8a05507e429bd3b3700fca13dc764d66a

GuLoader

bea57552e1978630f3038e4df06ea8fe0d34c9c1656c971f2bb01a894b0f67eb

GuLoader

bf6d2e90c5fd6b327f1e513402eb01491ac8487b682243450ad684de5e6e62d4

GuLoader

d05800ab82af8100fbb6ee66729de2aa580f8acde780df49ef14b4213f316e87

GuLoader

dfe66d2e7938bed4e4452f82519a8b02d0ac89e74341a4abee8b2ec1c6a7ffb6

GuLoader

e01f7d5f5a34bc9fde408c3f3fb441b76b6a2c3e2915cbf98ac5ca84e61e2b5d

GuLoader

fe7a6728da6e544a5963774daa1bae063246a1211a815abdb736ea7a31d7bd30

GuLoader

+ 1'442 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/23eb70abd818d93364ae2f896425d05fd38788c54429f874fabade1671b267b6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
VB_API	Legacy Visual Basic API used	MSVBVM60.DLL::EVENT_SINK_AddRef

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample