MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 37991980ed910dd02716c5afeaba0042ae5c68f1b37acd037df9aaa6c181c4c6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 37991980ed910dd02716c5afeaba0042ae5c68f1b37acd037df9aaa6c181c4c6
SHA3-384 hash: ea4ef01bc1ff58d5a6b089b3c83b5dd5e7f66e645b4b15722e4bc3f2f768df298ef24cd410649edb8baa27f12633e627
SHA1 hash: 2dab565ebb30c5e60cf84d5af65b057bdbc6a0a6
MD5 hash: bd93266ce129695b3cbfcc52f2d936ed
humanhash: music-floor-juliet-skylark
File name:PDF_97F6D.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:143'360 bytes
First seen:2020-03-29 18:26:28 UTC
Last seen:2020-03-29 19:51:02 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 05171bd91900675f9ccf4b008bc9b33b (1 x GuLoader)
ssdeep 1536:t3BdeuaSrCHYSuAq73EE+pYYYYLjC77vYdMOH4deitkr7NW:tRdv7wpv5W
Threatray 674 similar samples on MalwareBazaar
TLSH B8E32A67A921D011DF0109B14B6B57EB1CA1BD2499409BDEAB923FDC9AB0F5BFC30364
Reporter c_APT_ure
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Agent-7655246-0
Create hunting rule

Win.Trojan.VBGeneric-7646001-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-03-27 11:16:05 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=g6mrtahnseg5ajywywx6voqaikxfy2hrwn5m2a357gvknqmbytda._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0a6caea4ce7bf55029e1f01895a6c653fb2c5166f76dafcf94956dd8915e4eab
GuLoader
10481c8ab9d363251e4d1aab4805df6d245621a5f10302fe5ed8cdd9f20bdc14
GuLoader
1cd2e3b696656354859e0ffdb5bca866fadf42f59c9e2da1c228e0b52fa5f368
GuLoader
443bc33e9d28fddd4229367cde23085b8d57549093ce8e991eb4753ce58c85fe
GuLoader
76539c09f989d3cc938d6984f9ee8b6680fe2416822d63bf53a1712aaf9b695f
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
c7552fe5ed044011aa09aebd5769b2b9f3df0faa8adaab42ef3bfff35f5190aa
GuLoader
cfec171794d932015209d2b654f3616dd552e400013931ca1a07b302a096abc8
GuLoader
dda25996ab5b78fa63ab71aa304360374fe2eb6ded670c778b2c69d9fa1f1e40
GuLoader
ef8f03a25087eeab581d8439a0a19ba7148270d2210d479c1d6867fac69dc813
GuLoader
+ 664 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 37991980ed910dd02716c5afeaba0042ae5c68f1b37acd037df9aaa6c181c4c6

(this sample)

AgentTesla

Executable exe 1059bb805df6a3bf99410c7a5df4e56bbbdd698b8c6c928ba4e42327e61e235a

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1059bb805df6a3bf99410c7a5df4e56bbbdd698b8c6c928ba4e42327e61e235a
  
Dropping
MD5 8708eb0175ddf34d000c07561ed4e491

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef

Comments