MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 54a1f9c8f39feac2378a5e2221e95dc41167cd80d541f448e0ec3e347f183029. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 54a1f9c8f39feac2378a5e2221e95dc41167cd80d541f448e0ec3e347f183029
SHA3-384 hash: 6a34d4689ea35479e191070073326a4d18d8eff808d42cf949b8ef409125828876d7d71d8bcaa80cc0c7c559fbb02bc9
SHA1 hash: 1be61b6616af5e4133c550ab40d4a377d374dacc
MD5 hash: 32afc80f1419d5fb8f9d1e863314edf4
humanhash: magnesium-mockingbird-beer-leopard
File name:PROFORMA INVOICE 5974080.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:94'208 bytes
First seen:2020-04-07 04:52:48 UTC
Last seen:2020-04-07 05:41:28 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash e15a8914a57eb63f6ecddb92b2908a20 (1 x GuLoader)
ssdeep 1536:ZS1YBzP1btuKXVee5dINkhTgEPuLmSYN:WYBznVeeRTBPj
Threatray 1'199 similar samples on MalwareBazaar
TLSH 4F939362F964FED2F9044EB18D769FEC41E1FC34AD056A03B9C83B6E78702417A51B86
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Steale-7650676-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-04-07 00:50:15 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
26 of 30 (86.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ksq7tshtt7vmen4klyrcd2k5yqiwptma2va7isha5q7di7yygauq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1224967aa7aa8b416aae37b76dc075255948fcf66a6986a880dd00f0ca17737e
GuLoader
14885a4bfd76cdb49db108d03ce3a8c88c301c786eed577606aaacc49d673bfa
GuLoader
4cab1aacfb805a94301d5f14ff07c8a4c07cef2b81897c19fd35a04c5cfe2b68
GuLoader
4e49f8ed15a69e1147ae9428c9e5b4d4aa928769f261627abc059d2060e94a6b
GuLoader
4e7757f18ae0c6aeac44ed49de53657e81d46474c75c431b291e3e5712b94045
GuLoader
6617979630def30c8a103baceedd1ddb972a53b984de91682aa93451faf833bb
GuLoader
726156ccca0ba0077df20db0e438db482c7197d69453b890332ed69a9e509352
GuLoader
7848e6e1c38a88fffa92f4ef02ecbf2ac332f2c12a42b04f6d0ac186ad815c21
GuLoader
c18c647694bc85d12a66e7c15abdc5c116ba95872c9fcfac1bfc29c6927c9783
GuLoader
d9073504ba97540b65006d851251f330bcfb130500daad9a7f8616cb5a6a9ba0
GuLoader
+ 1'189 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments