MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4fb3528f5fc1a30b03cf69920e1db68cd4943c1c303a09cac0723a10abfcc378. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: 4fb3528f5fc1a30b03cf69920e1db68cd4943c1c303a09cac0723a10abfcc378
SHA3-384 hash: 0ebe05f317f90e6830933fffcc53205eec8d0b7183ed6bb607f0cb4816b674c62e1b5ae396bfe21c366cc2bd5903a30e
SHA1 hash: 895fda2ec96419e017bf29ace86ac3e3be205f5c
MD5 hash: fc0ca82d803f5fce8fb8add2292b16f4
humanhash: blossom-california-oven-lactose
File name: SecuriteInfo.com.Trojan.DownLoader33.21653.4812.16284
Signature: GuLoader
File size: 98'304 bytes
First seen: 2020-03-26 10:38:08 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 6e7f8eca4a71ea205a8d4be09e4b17dd (2 x GuLoader)
ssdeep: 768:MKEGta7SZ7I8T4pBE7RQ0rbO25ABYv7ueXgVsKeH0TajzjqP:MKEGs7Cs9bElbL6Sv7HXtH0ejzmP
Threatray: 1'450 similar samples on MalwareBazaar
TLSH: 5EA3A4D2A2A09DD7FC4484730A464D708AE7FEA34561975328C23A2E0E37BD358B635F
Reporter: SecuriteInfoCom
Tags: GuLoader

Intelligence


File Origin
# of uploads: 1
# of downloads: 88
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-03-26 00:21:05 UTC
File Type: PE (Exe)
Extracted files: 8
AV detection: 23 of 30 (76.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 4fb3528f5fc1a30b03cf69920e1db68cd4943c1c303a09cac0723a10abfcc378

(this sample)

  
Delivery method: Distributed via web download

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

| ID | Title | Severity |
|---|---|---|
| CHECK_AUTHENTICODE | Missing Authenticode | high |
| CHECK_NX | Missing Non-Executable Memory Protection | critical |
| CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high |

Reviews

| ID | Capabilities | Evidence |
|---|---|---|
| VB_API | Legacy Visual Basic API used | MSVBVM60.DLL::EVENT_SINK_AddRef |
