MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 50a4a0067a0756996b12da1316f2574a16316d050b675114c8ae60c35e99cf5b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 50a4a0067a0756996b12da1316f2574a16316d050b675114c8ae60c35e99cf5b
SHA3-384 hash: 1284a075512fa289b166c29f630af2c5252235e6f7853cde7edb4a3184bceae33c7a88e4be0626f913866f3972cf5315
SHA1 hash: eeb323ebd208aabbdeed54cf5bc700c6aaa03be4
MD5 hash: f3262f8b9021907becfddb67c30c1fc9
humanhash: timing-floor-iowa-music
File name:invoice copy.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:94'208 bytes
First seen:2020-03-31 15:46:07 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 693b1bb51478ce10ae341d9462967b82 (1 x GuLoader)
ssdeep 768:YjfimlsuJ1HRk1DKyM6l8VSm4L/s4hgYiatZmMsG6Jw8+wNKI+LVo1:Eiml71xk1zjWVxmswgYiatZGGe+wNWU
Threatray 1'070 similar samples on MalwareBazaar
TLSH 5493C712F9008CA8D1284CB68B7697CD13557E356E1DAE83358D3EDF7BB52507202EAB
Reporter James_inthe_box
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Gen.NN.ZevbaF.34104.fm0@aChy23fi.31555.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Formbook
Create hunting rule
Status:
Malicious
First seen:
2020-03-31 15:45:58 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 30 (80.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=kcskabt2a5ljs2ys3ijrn4sxjildc3ifbntvcfgivzqmgxuzz5nq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
09476389f92f23216cbb99cf3dce7e07deee2fdc29d63b066aef91e9b1a78197
GuLoader
0fc76f1453db81e8fa50b7e685827e0f5126c25c91de2a25552af3273bb407e9
GuLoader
1c7aee0fc8ced2b774aa4a05c4a00228dddb3c9768afa1f8309f8e188431836d
GuLoader
70d577aba943b783ec606abcfa912bf97c9fd4f22d5e46ff1d718d350a8e4fcc
GuLoader
9bebd6b8400a02ec36958c8cf06d3abc659b462d482fca3df8a3a64e42b3e234
GuLoader
9d545cae8b73e11800aaf794b2919bb8972511e4e217eaf1a51c3f38c17bb412
GuLoader
a6cc856405546af76f769ae3148e782571675af436ae9701c17d081266d6c835
GuLoader
b289e7a3e27dfee54ea6a2610a3cc690b96d7dafec31756401349935e3d83202
GuLoader
ddf6f04276c1d976e62e199e6c928fb7a3d7aaec455a1859f8d8f605c89ffc64
GuLoader
f1ba59863abc7d03f67577aa4b75ab121608c76433981f394651f2b327914e9c
GuLoader
+ 1'060 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaErrorOverflow

Comments