MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2688e8478293d13b74ca8db4d8ca941e50e55663f02a5acf66482b50a4172073. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2688e8478293d13b74ca8db4d8ca941e50e55663f02a5acf66482b50a4172073
SHA3-384 hash: 066da9eecc7bdf57749a5c7870e99112b1651c0a617a021dce5847eb5cc3cccd078c11915a1c3d498fe0e5cb9518e7b8
SHA1 hash: 1183f6a7102122fc248dda2d9f7aa68e150f664f
MD5 hash: 2186bb79cf5a8960dba4567019327e91
humanhash: wyoming-carbon-south-quebec
File name:PO#949903334.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:81'920 bytes
First seen:2020-04-29 18:27:28 UTC
Last seen:2020-04-29 20:04:58 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash bf7f20ddc86adff10b187808676fd099 (1 x GuLoader)
ssdeep 768:v0cSoJiWRTpnvqaKZiA3QWe631OWRekt2LHC6P0FH:3niWR1nvfEim3r3OQ
Threatray 522 similar samples on MalwareBazaar
TLSH E1833A66F1E8D275D54049F25F22EAE46197AC303D41CF33368A3B6E1AB2E87D91434B
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.43160.22928.3644.UNOFFICIAL
Create hunting rule

Win.Dropper.NetWire-7758177-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-29 08:35:41 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=e2eoqr4cspitw5gkrw2nrsuudziokvtd6avfvt3gjavvbjaxebzq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
52f137c22685d15df043daabdb9c823e07ecec4df42bcc2fa2c5bd45913d32ea
GuLoader
57994e763a8cb4ffd90cc837f48dab46de26c3abbb9b3b76612fa0813d08a79c
GuLoader
6d60301543d6c44ee6cd2ddf80e597fc1de3e4f30c9fb4332f5b2cd2592491f3
GuLoader
7565970d1c2e870f056ecc798867c8e0e470ca266b6e55cc6a6d36c08de9dbc8
GuLoader
9c1b8304fd7584fd24761e6e785f33f81d6453ce86f0e672c101e3e17757aef3
GuLoader
a311153c791b849034091bb57c8904ea17ee09b453b69bb7b28ab637389ad1eb
GuLoader
b2762663ec4cb81d9b5b27725628e1c9300575c29d558b24e2425df54cf9c105
GuLoader
df0defce758bd92b2db07399101c52e04c8059b1712ae0e74a420058cbbba52d
GuLoader
e0c82d351dda53014e0de79f9b425cb79d248fd0ee36241838052a304d728d29
GuLoader
e6ff6d164a876c50bfc4a6f7b6397914f9656d0e4aef1ceba65f1e92ed1b6c69
GuLoader
+ 512 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef

Comments