MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 44cac425f9daa34c012650bb145870ee3df2d1f5a87da9d58d20539ad8f51f10. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 44cac425f9daa34c012650bb145870ee3df2d1f5a87da9d58d20539ad8f51f10
SHA3-384 hash: 4737d09afdd40ddfe190c1b188067b301457b5936b52cf4d3df5631a0b721fc6cb7d6ee0beef91c82ae8f899cad2f06e
SHA1 hash: ad014301aff92a17622c937c834a3209bb40c9c6
MD5 hash: 8a1020c0977fdbe5b18853aa2abbeb01
humanhash: oklahoma-california-fanta-fish
File name:Invoice#000975.bat
Download: download sample
Signature GuLoader
Create hunting rule
File size:217'088 bytes
First seen:2020-04-22 07:25:02 UTC
Last seen:2020-04-22 09:03:30 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 7e830e2df76507d869685b7c1d497edb (1 x GuLoader)
ssdeep 1536:uBSgkqeenCeCn2hx43c8/eYcEmA8THqZ0rD/AJYvQYLcAuOdNt5FfFZDwq3MQ8At:K+neC+2zMTPTxfAKHcDydmmMQ87K
Threatray 186 similar samples on MalwareBazaar
TLSH 5F24F841BE70E463C71082306FE6DB7EC2583DE0DAE1D61F2090771AEE326995A6167F
Reporter cocaman
Tags:bat GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.NetWire-7687328-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-04-21 23:34:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=itfmijpz3kruyajgkc5riwdq5y67fupvvb62tvmnebjzvwhvd4ia._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0c6ef50f134bbd723eddc99d8f9fc78b37e7e2590ec907ce4209075677add6d9
GuLoader
3bc2e6f78c3a261a13546f719d6b089dab1730e8f6539d7ab7a319fc3e410270
GuLoader
4e0e1ee117544cc9cb6784d36db3d349624ef1c888267b1e266a03ddb17d33a1
GuLoader
4fc219b61d4c1ec456ac76af0a82dcfde187dcab2b015a277c6ee96b04930091
GuLoader
5c7b25c7496dfd38b4b8b2e0b77feaa6990cc65d2c376e49ede55188ffa0ea15
GuLoader
7a760430295f2983742510a35642ce550c0bf4f8f9632f027bbb11de037126b1
GuLoader
9047151fe524a34dffeacd46eba66b4b0a87beb7f3e513ba8e5c6ca367ccc505
GuLoader
b801afb5529bee671ee0219b95450122f641260b372695c89d7bdc5c2c227b65
GuLoader
bd3afdd3cda53eebbebcc99b946ff7eb2f972fcf1c5a3a11ffcf633a46f1b853
GuLoader
e273d82c782a01c388cc619e6832bfb43301f4308884751b9393262302fc84c0
GuLoader
+ 176 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

arj 48314ab1acce92efb2dd4404293bf9c3a7e0e4194a8de78ab9cbb638163977b6

GuLoader

Executable exe 44cac425f9daa34c012650bb145870ee3df2d1f5a87da9d58d20539ad8f51f10

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 48314ab1acce92efb2dd4404293bf9c3a7e0e4194a8de78ab9cbb638163977b6

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments