MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3310955f18335677243f9ce26cfb7c8129e1b74842eb1d87af6aa6004a5e3f1a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3310955f18335677243f9ce26cfb7c8129e1b74842eb1d87af6aa6004a5e3f1a
SHA3-384 hash: 47d6b2df52cd640098662fa2caa936d6be7e8df8f5e2e4ea08f24538966bbb430b463dd6af277199656b38eb1b4f6f34
SHA1 hash: 01ea65651624de470c57d6862718a6444f0d1bed
MD5 hash: 728e76625a5a1ccc48158ca5dfae10cf
humanhash: twenty-avocado-alpha-gee
File name:PO-07645798-Order-Sample&Specification-Project.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-04-30 06:45:59 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 218b3af248902568888bfaf85281735f (1 x GuLoader)
ssdeep 768:tStmYLba4UpYig4S7PvjlisFUJKBkPRRai:DV4rig4EdiJzRR
Threatray 595 similar samples on MalwareBazaar
TLSH 3D734B6DB68CC476EA1287B10F53C7EEC6AABC329A044E0736FD377C1634B05E954269
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm34.hanmail.net
Sending IP: 203.133.181.14
From: 광양건축사협회 <gykira@daum.net>
Subject: Siemens Systems GmbH: PO-07645798-Order-Sample&Specification-Project
Attachment: PO-07645798-Order-SampleSpecification-Project.img (contains "PO-07645798-Order-Sample&Specification-Project.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-29 23:24:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=gmijkxyygnlhojb7ttrgz634qeu6dn2iilvr3b5pnktaass6h4na._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1523161db16fc567363e0ea7254b23144544a816dc31030a3a26b9f6efbfc34d
GuLoader
1794a70ea1648e95eb6c74976b5d9e88e1464328b339da71e3cd864e20838d5e
GuLoader
3446c44f768ea83d31f4f27788b294f5a45898023daaf299f7dcb8c8cbba472a
GuLoader
61d90a7cf82c0dcc1892fac3a5df6eae0407e2f4e0221af5d0f4223021024274
GuLoader
65131044759196e12700fd7ee31168c84bdf760ef3a8f421f49fe39ad5177e86
GuLoader
79b43a2463e2a406adba5e01b2c0cc5d58ce6989532e34e353cda8672dddbd4f
GuLoader
bb22a0c4a604064f5bad7484b31e06d0dc31f7ce01f26a5cceb78d71ea259daf
GuLoader
bbd8d503832b7b2b22c6892fc0d3047b022c67c81cc1226a89f33f9ac38795dc
GuLoader
c3bc66d18946ecf4e0be034df58f5fdc4e7c78210c93a6b4c0a197288a976f0b
GuLoader
d0daced4c604ca477c9f6f7c0e6fb80dfa9cabdb8a93ef7464a2b5ea066d171e
GuLoader
+ 585 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 69e9ae6618539457ef09121155d51a2c4f65ca14055806f9699e14e48916c21b

GuLoader

Executable exe 3310955f18335677243f9ce26cfb7c8129e1b74842eb1d87af6aa6004a5e3f1a

(this sample)

  
Dropped by
MD5 a118b7e2e2dc4ea0c9042f5936bd300f
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 69e9ae6618539457ef09121155d51a2c4f65ca14055806f9699e14e48916c21b

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaLateMemCallLd

Comments