MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 472a4d21f664dbdb78739e9847cda51b6bb6d1a296307fff8a3991d5543056b3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: 472a4d21f664dbdb78739e9847cda51b6bb6d1a296307fff8a3991d5543056b3
SHA3-384 hash: 045463d171e40a037432b806d8fc8701839ca0779d66903a2f5a9617b29281a5a7c6852e39fafbfdd1e5fae910feb548
SHA1 hash: 56c441b5c7c080c9663ff695691609e5aaa538d6
MD5 hash: 788707adc4c4be37151838bdc4233623
humanhash: moon-echo-mexico-lamp
File name: QUOTATION REQUEST FROM EUROSTAR.exe
Signature GuLoader
File size: 81'920 bytes
First seen: 2020-05-01 09:21:52 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash 5da25d41c7b6f8ee5a28cab6b4f9fcc7 (1 x GuLoader)
ssdeep 768:1rCHAaaSfeiCgJMipJKMP2iK9CJzlRCh1be:5nSfVvhpI62iK9Cplohle
Threatray 142 similar samples on MalwareBazaar
TLSH D8832A72FDDCD072D105C6F25F22E7F41119BE361C158E0B768A7F2E5A38A89A824367
Reporter jarumlus
Tags: GuLoader

Intelligence


File Origin
# of uploads: 1
# of downloads: 92
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-01 01:04:00 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 23 of 30 (76.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high
Reviews
ID | Capabilities | Evidence
VB_API | Legacy Visual Basic API used | MSVBVM60.DLL::__vbaObjSetAddref, MSVBVM60.DLL::EVENT_SINK_AddRef, MSVBVM60.DLL::__vbaErrorOverflow
