MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 33414949d9094cd4837b765b9164d860ad6785f06de72cd0cbc99ddef8de867f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: 33414949d9094cd4837b765b9164d860ad6785f06de72cd0cbc99ddef8de867f
SHA3-384 hash: 86da7a6d082f374359a829a9d15b00062346cc4a45180dcf07cf5d9f1e97eafe30c70ad77c2bd3366d480e64214729d4
SHA1 hash: 6b4ae7905b3f51c19b1de72287d6b0a88f66f8eb
MD5 hash: 77d12e2ca690ed05dd8a2aa06a809a45
humanhash: edward-neptune-sixteen-north
File name: pato.exe
Signature: GuLoader
File size: 122'880 bytes
First seen: 2020-03-24 19:05:39 UTC
Last seen: 2020-03-24 19:48:57 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 629fe7d7059f76235c104644e8d6c69d (1 x GuLoader)
ssdeep: 768:f9B+L4dCZxdXtdMjPuauAXH8HI+J8y5015mnI256aACqqcdKMqHpXawifG:VH4ZxyBbNEP+15oI2Ua1BB5Xa3+
Threatray: 1'073 similar samples on MalwareBazaar
TLSH: 2CC34922F601E010C4992F7C4D9AC7F95672AC315E30D6C77A427F5F38F96A3AD18A94
Reporter: oppimaniac
Tags: GuLoader

Intelligence


File Origin
# of uploads: 2
# of downloads: 85
Origin country: n/a
Vendor Threat Intelligence
Gathering data
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-03-24 17:46:15 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 24 of 30 (80.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download / GuLoader / Executable exe 33414949d9094cd4837b765b9164d860ad6785f06de72cd0cbc99ddef8de867f (this sample)

Delivery method: Distributed via web download

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews
ID | Capabilities | Evidence
VB_API | Legacy Visual Basic API used | MSVBVM60.DLL::EVENT_SINK_AddRef
