MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2ace558d202e365fac33752bc28b1c60b07e90904c9f0f4492d13d67f3277530. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: 2ace558d202e365fac33752bc28b1c60b07e90904c9f0f4492d13d67f3277530
SHA3-384 hash: 39a98d078f227ef34cc07aecbb211fcc507cbaf47852a66a4c72d5523db8434ac3885fec2cabaacbc0251dfcbd1289f2
SHA1 hash: c131b26196171709182d32ead6d8bc983edea9f8
MD5 hash: f6fe39b2b6a77d54f67c50e9accb8296
humanhash: hawaii-white-green-mexico
File name: DOCUSI~2.SCR
Signature: GuLoader
File size: 81'920 bytes
First seen: 2020-05-01 15:54:30 UTC
Last seen: 2020-05-01 15:55:37 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 167147fcdab6714b5f29d97d4d4650a4 (1 x GuLoader)
ssdeep: 768:MveU4aN7pBlExd08aVZxL5NzEptSmWO6YmyQeygD:xU4aNNzEHGN5NzutoihyE
Threatray: 126 similar samples on MalwareBazaar
TLSH: A3834B16F9D4E573D580CAB24F3A96E0687BBC304D458D237A5C3B2EDA79E06E480357
Reporter: cocaman
Tags: GuLoader scr

Intelligence


File Origin
# of uploads: 2
# of downloads: 91
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-05-01 16:35:31 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 23 of 31 (74.19%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 2ace558d202e365fac33752bc28b1c60b07e90904c9f0f4492d13d67f3277530 (this sample)

Delivery method: Other

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews

ID | Capabilities | Evidence
VB_API | Legacy Visual Basic API used | MSVBVM60.DLL::__vbaObjSetAddref, MSVBVM60.DLL::EVENT_SINK_AddRef, MSVBVM60.DLL::__vbaLateMemCallLd
