MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3d4b5ca6cf89ed481dee43c1b33dfd03c0863631efbbce57f1d678341f827872. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3d4b5ca6cf89ed481dee43c1b33dfd03c0863631efbbce57f1d678341f827872
SHA3-384 hash: af0677679109070b68450c411d8ef1854a6cf65fcf924bb737cc295b21bb2fdeeca0c3ea5db6381fdf614fdbcd30f2cb
SHA1 hash: 9f0c96ce7efa3f9d63daf40b05dbbe508deba148
MD5 hash: 4a8cd92b0d165fbf4a8de821812a529c
humanhash: kansas-alabama-mirror-yankee
File name:Irresantic.pif.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:94'208 bytes
First seen:2020-04-29 15:05:11 UTC
Last seen:2020-04-29 16:00:32 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash b03a78c5d6c72fd8d8ba5cc41350cd91 (1 x GuLoader)
ssdeep 768:nJudPCHAOhaMpNzvfC3r4mf7Y73HtBgIs9UNwhjqSU921q/sBGMJ:AdPCHAO3pNvIr4mkzbns9UNmjqS02R/
Threatray 216 similar samples on MalwareBazaar
TLSH EB93178076CDC0A3E76E7AB08A26D6A822177DFD2C30BD42304F367EF67990D6E50056
Reporter James_inthe_box
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
100
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.FareitVB-AC.23411.30989.UNOFFICIAL
Create hunting rule

Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/353997
Behaviour
Behavior Graph:
n/a
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-29 15:05:02 UTC
File Type:
PE (Exe)
Extracted files:
2
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
102a406e2b148d3dff10dc067b37c4cfbe7594c9e10dc3dc2d3b13b3c908678e
GuLoader
277ad2e30607538075324d56c194f6256f2a37245f952038d709f237545bf0f1
GuLoader
62009eba5623f35454d0d19824c688a0f1fb45dfa88516a3999680f984bdf1f7
GuLoader
70041cbec1ec2f2daaa69db5b81dbf780fe796192d0e9620ad8bba56b45a6d22
GuLoader
8eb33d0b08f137c3aa3f66d5afe0188b9b60458f95ecf8a2f2ca3815059e2fca
GuLoader
8f33b384251c871f6061fcf7d092dd5708cf9b9e0ff92dc09bf3bd458c6cbdb8
GuLoader
ca73b141e59412b434f105fef26227cea43190fbf99e7be806f00b9b9f7a9428
GuLoader
d4d2c82cdc75f723e08d6139593a5a651e75e74b885acf480fe41c239d99e548
GuLoader
f52e553ac38124b5eb9662305ddf404df6a8c68d9287137c938a920eadeebe0e
GuLoader
f66a9d139aac9008f3ca07794f8389eed945e1391b0ec20c72534a51bda3bea2
GuLoader
+ 206 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments