MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 51a4f59ddc8c429d6af5e0e9baf6511b8f8497441970e66913bb8823440335af. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: 51a4f59ddc8c429d6af5e0e9baf6511b8f8497441970e66913bb8823440335af
SHA3-384 hash: 6b2224cbafc481c9e050f0fd4470fd8c70f733b549ae9c7daedb1455bdf3b566d186350a95b35eba58ad74f421a64651
SHA1 hash: ded28a38f108dc084ac87bd31bb0191278999092
MD5 hash: 56557a947a15e0c1bb7226dffa0f5387
humanhash: batman-mockingbird-emma-thirteen
File name: big.exe
Signature: GuLoader
File size: 118'784 bytes
First seen: 2020-03-24 19:06:14 UTC
Last seen: 2020-03-24 21:20:07 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: b7d4d1e30abf9b4062bf321119a0b2ed (1 x GuLoader)
ssdeep: 768:THS0UfgX7a2vHSxJVdfHYaAG4ugEEg4TDV81IYeqo+oUKXwHWEPK:TS0UsIGSPv4dOtet+WdEPK
Threatray: 5'188 similar samples on MalwareBazaar
TLSH: 7AC35B36F640E855C89A1F7C4D96C6F88231AC316E24DACBBA053F5F3CF6711A928754
Reporter: oppimaniac
Tags: GuLoader

Intelligence


File Origin
# of uploads: 2
# of downloads: 88
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-03-24 19:28:33 UTC
AV detection: 24 of 30 (80.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
GuLoader
Executable exe 51a4f59ddc8c429d6af5e0e9baf6511b8f8497441970e66913bb8823440335af (this sample)

Delivery method: Distributed via web download

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high
Reviews
ID | Capabilities | Evidence
VB_API | Legacy Visual Basic API used | MSVBVM60.DLL::EVENT_SINK_AddRef
