MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 39931e1fb3b7e82ef1669505f39e9598c1620b8740ab59971bc6aeae0cd6082b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 39931e1fb3b7e82ef1669505f39e9598c1620b8740ab59971bc6aeae0cd6082b
SHA3-384 hash: 1a1852f61e6434d5a4aa6344e1f8fb2d4a2f41f26ec3989ba68054972bb779b85080f990013156797f5495b79f4c3c04
SHA1 hash: c1f861126194b0bbeda3d4386c1d32430e5f73d4
MD5 hash: 7ceff344f1048b58a1f443ba37bf2baf
humanhash: jersey-island-artist-ceiling
File name:DOCUSI~0.SCR
Download: download sample
Signature GuLoader
Create hunting rule
File size:81'920 bytes
First seen:2020-05-01 15:54:02 UTC
Last seen:2020-05-01 15:55:14 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash bdaf87a810199d922706b13a55ad4e36 (1 x GuLoader)
ssdeep 768:8PjhwrJu8Vo5Q2yrnfy99/mSliT5et9hllLKnmtncwGno2X:OwrzobMfy99/Zi1exlznc7oi
Threatray 147 similar samples on MalwareBazaar
TLSH EA834901F5E4E977E6A08BF54F62D2A840A6BC344D419D0BB7A9BF7E2B32E05D510327
Reporter cocaman
Tags:GuLoader scr

Intelligence

File Origin
# of uploads :
2
# of downloads :
93
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.ProtectSharewar-2
Create hunting rule

PUA.Win.Packer.ProtectSharewar-3
Create hunting rule

Win.Dropper.Genkryptik-7735947-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-05-01 16:35:32 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hgjr4h5tw7uc54lgsuc7hhuvtdawec4hicvvtfy3y2xk4dgwbavq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1e22fffb30866578e2bae67b3a138e194853123914d5fa82440f6a2058bfdb3e
GuLoader
233b77662bc561852146198761fa55b8bd63b0c075150b8ea02a92aa2f5212e6
GuLoader
2ace558d202e365fac33752bc28b1c60b07e90904c9f0f4492d13d67f3277530
GuLoader
4b9d879ea6b4ca40c087b7cbd0474590bbca1f1dc788cb7689a96bbf0a044d4b
GuLoader
54f42da8259c446dcaa20a678a382301b319b3936c9d42fe50300d28f6c5939a
GuLoader
7ba9e4b99caaf229425337ffb54ef594c715229cf47cffb01175e20cfb71f305
GuLoader
bcc7af2de70a30482b2b1b282579faf215fed0f5f9e9f9c060f81d720845df3c
GuLoader
bfd12725c557e1a9992dccff4257290adec43be6315f68471af0d26c9fa662ad
GuLoader
c10808947a65d455863b0449c74a6cc2112fd8fd60dab90c0f51edddfad4cb3e
GuLoader
dfe54696ad7c10bc44e524a6d292f94a951bd29aa1f4dbee29b6ae56eaf9fa51
GuLoader
+ 137 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img 9c3241e1bb45734e245ae7e36dd5145ff7fee1efc0d9550e6d5b7a8b0d1784fe

GuLoader

Executable exe 39931e1fb3b7e82ef1669505f39e9598c1620b8740ab59971bc6aeae0cd6082b

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 9c3241e1bb45734e245ae7e36dd5145ff7fee1efc0d9550e6d5b7a8b0d1784fe

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaLateMemCallLd

Comments