MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 36d234ce270e0a44671666a82d6ea92d896f7c2516a25b8121ccdf3502977cb0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 36d234ce270e0a44671666a82d6ea92d896f7c2516a25b8121ccdf3502977cb0
SHA3-384 hash: f6444366e6291b1a97d78653de7efd95893464f2011a8bf99751500b67086bff4673b52a2d01e9a834d5e20a46761994
SHA1 hash: a5408edbf09269611d6586e42820a98912fc62f7
MD5 hash: 46515e5688efd0c902256fea070483f9
humanhash: lima-leopard-speaker-hot
File name:DOC.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:102'400 bytes
First seen:2020-03-30 06:18:24 UTC
Last seen:2020-03-31 07:41:48 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a617f274c51031f6a98a769a8d44d7af (1 x GuLoader)
ssdeep 1536:Gkuu8HyjJ68r7hPP0o1bcaeMFWTkMaZJbpXUt:hwI0m7ZJbGt
Threatray 520 similar samples on MalwareBazaar
TLSH 7DA3E712FA00BD54E5281D718BB59BDC23427E297E09BE43358C3ECE7AF12947192D9B
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
3
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.VBGeneric-7646197-0
Create hunting rule

Win.Dropper.Remcos-7647550-0
Create hunting rule

Win.Trojan.Ponystealer-7648176-0
Create hunting rule

Win.Dropper.Remcos-7683428-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-03-29 23:45:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
29 of 31 (93.55%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=g3jdjtrhbyfeizywm2uc23vjfwew67bfc2rfxajbztptkauxpsya._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
17ccd5b98d29f09cde5b49fee52602ac5e95c462c68f09c5f07d12d8a8cd8e0f
GuLoader
2090ef501bf30eff58e65ff4491b5a913e5e105ff952b6d26b3e5ccf9e251cc9
GuLoader
4d373131b0d3254d72f1a06ea168267376b8cc8f805daa53963db5f051631967
GuLoader
752db567072f4a2760250ed35d71d75f5b3dbbab62ec60ca6d2e694c4b744a09
GuLoader
8f4147785131b1c4e30710abb80aa3184ce0d070a0bf557a633a8a0eb8d1a77b
GuLoader
b113aa45c20fb4a1b058a76068faf201fa21295df5aaf54e32f3034c6944947a
GuLoader
b957ef817c366f048f64e10b916eb33113a58511a7aaa74212c93e080ed1af64
GuLoader
bb8016149b1cfa77fa6614decb51d21b20385e2749f1b667ad0d51615c9baf05
GuLoader
d0604fe76ff35e2311825f1822171208bd472c764dfbdbf45e20fad47f6a4472
GuLoader
f842179b4979090b6435dcc7ae0ffb46d42899fd4a1926c11fadd7e39ca5f505
GuLoader
+ 510 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef

Comments