MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3446c44f768ea83d31f4f27788b294f5a45898023daaf299f7dcb8c8cbba472a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3446c44f768ea83d31f4f27788b294f5a45898023daaf299f7dcb8c8cbba472a
SHA3-384 hash: dfedd744babacec1da47f6ef87457d1ab54434126955fe4746ab8dba7f4fe8516317f082e9099bc231fdac736ca91aeb
SHA1 hash: e07091c3d52895cfffc2a05a56e41904f7fdd227
MD5 hash: 1e4386790cec09a93dec93bfd22c64b5
humanhash: mountain-bulldog-nevada-five
File name:Product Inquiry PO foods and beverages.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-04-29 18:35:59 UTC
Last seen:2020-04-29 20:04:57 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash dd3cd51794d20fa5aa0ad178cf99c978 (1 x GuLoader)
ssdeep 1536:FuLB8Fwd9nS8OByigGaM+tSx6ogYrgKPjNaN0:FuLB6wd9nS8OByigGaM+tSx6og0gsNr
Threatray 484 similar samples on MalwareBazaar
TLSH 42731960F494D433EE518AB54F42CAAE461ABCB14D008F17758D3B3D2B35E09ACA6F1E
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.43068396.22059.24616.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-29 13:55:08 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
22 of 30 (73.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=grdmit3wr2ud2mpu6j3yrmuu6wsfrgachwvpfgpx3s4mrs52i4va._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1523161db16fc567363e0ea7254b23144544a816dc31030a3a26b9f6efbfc34d
GuLoader
1794a70ea1648e95eb6c74976b5d9e88e1464328b339da71e3cd864e20838d5e
GuLoader
3310955f18335677243f9ce26cfb7c8129e1b74842eb1d87af6aa6004a5e3f1a
GuLoader
61d90a7cf82c0dcc1892fac3a5df6eae0407e2f4e0221af5d0f4223021024274
GuLoader
65131044759196e12700fd7ee31168c84bdf760ef3a8f421f49fe39ad5177e86
GuLoader
79b43a2463e2a406adba5e01b2c0cc5d58ce6989532e34e353cda8672dddbd4f
GuLoader
bb22a0c4a604064f5bad7484b31e06d0dc31f7ce01f26a5cceb78d71ea259daf
GuLoader
bbd8d503832b7b2b22c6892fc0d3047b022c67c81cc1226a89f33f9ac38795dc
GuLoader
c3bc66d18946ecf4e0be034df58f5fdc4e7c78210c93a6b4c0a197288a976f0b
GuLoader
d0daced4c604ca477c9f6f7c0e6fb80dfa9cabdb8a93ef7464a2b5ea066d171e
GuLoader
+ 474 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaLateMemCallLd

Comments