MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3e487a6e78ce053ac4add56861cd380be9c2920d292f83448c0a3f8a814c53d7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3e487a6e78ce053ac4add56861cd380be9c2920d292f83448c0a3f8a814c53d7
SHA3-384 hash: 7a33e45dc5088c8d8c4b675751498cc98a7f596f85aee03e5fdd36a7a27c54b1eb838e5cceb7d57c8db55547fcad5f5d
SHA1 hash: dabb17fa83db7ab93f98f362842cf95585f93d71
MD5 hash: 86d4f58062aa210d5a2bf912e0d5f2d4
humanhash: venus-football-lake-lion
File name:ASCENDI20200407095614317202155317.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:98'304 bytes
First seen:2020-04-08 15:19:10 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 15323a7d788abb20d51d8d90aa00102d (1 x GuLoader)
ssdeep 768:T7Np5ZJz7DrzKSaCKy5hJRZhYgIRKctcpAFpStGgBXCqIr1288bTYU4Wwivqlkd4:1protcp+AtGgxtQUbTY1WwivqlkFh2
Threatray 847 similar samples on MalwareBazaar
TLSH 4EA3E552BD52FDD1F8004EB2A97A8FEC41F6FC359E011A03A8C83B6E7D715417652B2A
Reporter c_APT_ure
Tags:GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Packed.Generic-7652321-0
Create hunting rule

Win.Trojan.VBGeneric-7652356-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-04-08 00:18:28 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hzehu3tyzyctvrfn2vugdtjybpu4feqnfexygrembi7yvakmkplq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
08b47c6d183afb72f383ced4639ba73a03d9b36f06617585b3a3d28b69d1ce9f
GuLoader
20a6cb528c226cb7076f9bdcac76a942b32af0baa48df8aeae65aeb20380c2d5
GuLoader
37d7bba1bacdbcb35e301c1fc391449ea84d1203ca59a8b1f1142acf4596e032
GuLoader
60c2a6a0bc12f4b6fd4ecb473d5de3d9de561ee3125055dbbf2d8ff12bb83f60
GuLoader
700f698c42bd0c706c968e420ac3f60c70e4cd714318b61bb3118c564f9e2f3d
GuLoader
8869b2576e5e5ebd15edee49935a89a27bb6dee506483a27f805f708d4bf8957
GuLoader
965c87a812db18af2045b34e0aea89f39827d81b6d11a648fe96a6b1a3fba659
GuLoader
cb530981e6d92b89bc5346c11b478a5fb329eae8d8bb4609ee00f64747b993ff
GuLoader
d7e91c4ae1a0b9f6bd1c2ae422b2d9488949110017b9d06001e6bcd386905c8e
GuLoader
e8dda9e99f125c3ecf5c3ae873ac202105208fd0aafbdcec927005343f02f71d
GuLoader
+ 837 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments