MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4f0d3018859a6ffe8301bfd9dc716cc0c49048b670274182678049501c924dcc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4f0d3018859a6ffe8301bfd9dc716cc0c49048b670274182678049501c924dcc
SHA3-384 hash: 17af904daaed51f29db22ac530eb909360de336b15a770a6d9ad74d603289d13ca5d67bf653db3a5ed2771a6d7f86a34
SHA1 hash: d58a308db45836fc0003481d98a989120e46a9fe
MD5 hash: ca3799b7d0cb5458645480a3afbd2d72
humanhash: two-uncle-emma-washington
File name:MARZO OFERTA 20200317-5244620.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:45'056 bytes
First seen:2020-03-20 14:53:14 UTC
Last seen:2020-03-20 16:34:20 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 53050130864fd085b6ea51d685440a9a (1 x GuLoader)
ssdeep 384:dG1tMZujNTG4qezmWINF+s6/vpGD5ulFcuF/lTX6gKg7QfBdUHzMeQgTQT+eLzA6:dG1IujNVWbcvpCqxL6gx7QGzMemqeH7
Threatray 524 similar samples on MalwareBazaar
TLSH 4B136DB7A1E99197D78AF53018BF916C31365EA10701E50B3E407F1E78B5A240AEFCB6
Reporter c_APT_ure
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PackedENT.133.29464.16044.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-03-17 21:12:32 UTC
AV detection:
25 of 30 (83.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=j4gtageftjx75aybx7m5y4lmydcjasfwoatudathqbevahesjxga._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
10481c8ab9d363251e4d1aab4805df6d245621a5f10302fe5ed8cdd9f20bdc14
GuLoader
3a865f21dc1c62ee31df28d89094e9e95d480e2bc6b75b3a6543b2906d975a61
GuLoader
93b8ccba207f183060e4a2988269a31456b9f44d5729d9482a9b901cf0deed84
GuLoader
a189b653beaa02ee38f4496b0916d881ba0c073f87208a5eea20f70ca036be58
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
b267c228b488319e3514de6a929f16f55e18cf8ac9924f2989b199ebe6b51a59
GuLoader
b8565239fc984ae11a613ad6a80eebcf3e006125c8e6240583a0365669c32397
GuLoader
bb19d9c9c18233bf65768ed3534766ae87ada589f6223d015c47d5e4c2523d64
GuLoader
c5ef77c9b5293774ac7a58fba97cce6a84d3948af08b014a08c155e978c09eef
GuLoader
f8dec47c69d225551ae101236be38ea50944b01e14f64a8e5d4758c8e20ec6bb
GuLoader
+ 514 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4f0d3018859a6ffe8301bfd9dc716cc0c49048b670274182678049501c924dcc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments