MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 257f7f0c92641c894e714e1954f288342cce3bd8ea8470d3045724221b49784b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 4



SHA256 hash: 257f7f0c92641c894e714e1954f288342cce3bd8ea8470d3045724221b49784b
SHA3-384 hash: 4afa1128f99fb75d5c2b128c3c03f3bf28567dab83a90d1333b5a6d870fd0e6ff428968ce02d91c423ad193d39642a05
SHA1 hash: 261e9686a492580b4032b692138e3f7de185a166
MD5 hash: 56ace0f5e8c2d59de2631ffa5e253c1e
humanhash: florida-king-social-don
File name: invoice 4653282.exe
Signature: GuLoader
File size: 102'400 bytes
First seen: 2020-04-06 06:29:39 UTC
Last seen: 2020-04-06 19:31:01 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 533eb361fc983e596ce60f2e605fa663 (1 x GuLoader)
ssdeep: 768:lwJU5KtuomDTcBrmOAJGvV5X5nhK6hYdWZ+l1zsRlHeWWV:QU5KUomDTcBpAJGvjX5sFdW+vsDHdU
Threatray: 142 similar samples on MalwareBazaar
TLSH: 92A3F822BA60FE51D4015EB28EB69BFC4631BC30DC41AD077AC13B6E3D79151B691B87
Reporter: jarumlus
Tags: GuLoader

Intelligence

File Origin
# of uploads: 5
# of downloads: 80
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-04-05 20:09:51 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 26 of 31 (83.87%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

ID                 | Title                                                    | Severity
CHECK_AUTHENTICODE | Missing Authenticode                                     | high
CHECK_NX           | Missing Non-Executable Memory Protection                 | critical
CHECK_PIE          | Missing Position-Independent Executable (PIE) Protection | high
Reviews

ID     | Capabilities                 | Evidence
VB_API | Legacy Visual Basic API used | MSVBVM60.DLL::__vbaObjSetAddref
       |                              | MSVBVM60.DLL::EVENT_SINK_AddRef
       |                              | MSVBVM60.DLL::__vbaLateMemCallLd
       |                              | MSVBVM60.DLL::__vbaErrorOverflow

Comments