MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5b9ba311bf0eebf151a0146d7e43c40e2b98929a07dcffc6f286e21558487a4e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5b9ba311bf0eebf151a0146d7e43c40e2b98929a07dcffc6f286e21558487a4e
SHA3-384 hash: ba07a551c38cd5512aa410f21a3c2e7529a3fa9f5063738a4dfbd9e6847fee05cdde0f046cbe04cbb333bc4499565212
SHA1 hash: ac2f12f88022a82791b18b9f6e76ad0b53cd2aaf
MD5 hash: 17fb43a6d155abdf3285254082921668
humanhash: tango-magazine-happy-oregon
File name:DOC (4).exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:217'088 bytes
First seen:2020-04-23 13:26:28 UTC
Last seen:2020-04-24 04:16:41 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 0c89c5e327f97359213230e5cf7e438d (1 x GuLoader)
ssdeep 1536:WL8/A31mAnIRf6u6HxHP8gnW6ikC8pskGY87yg+7EA6MpIKw0oLXTwl/Rq:WNlmJ69H0gRDZ1xNEtshmXTaJq
Threatray 337 similar samples on MalwareBazaar
TLSH 1724F4416C70D827C7184631AEF6DBBAC3087DC4D9D19A0F20A0B76FAF33686196656F
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
8
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.VBGeneric-7684160-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-23 12:54:07 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=lon2gen7b3v7cunacrwx4q6ebyvzreu2a7op7rxsq3rbkwcipjha._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
350b35550e10e3ed50b1337e8899ab2eb9c9cbae7c077027f52bab3c5266bb84
GuLoader
45210d41713353f0aa2104a2c112d0721d0f6373bbec7a82466f65b2ed9e3d85
GuLoader
4adf106d80dd2be5d8ea333dcc3a1d06770e4d913b25d05616247f9c66f99484
GuLoader
504cd8dcf16b6e6b55271ef9bcd8603916ec5f81fdeb0615e3c970954d50a7f0
GuLoader
5c8de7c3ff4d9ad542fe30c13e84cfe205122faefb6427cf7323298eb47ab0d3
GuLoader
87118544ccf437b351bc119d8e33b9f74fc718c7b4c524ad37d8153bc1f043ee
GuLoader
c5f668176f1cc10b8351eaf2813cf2b2c07f5233eb39b319ef99afbf4179dd33
GuLoader
c882cc422e4039600b31e53e369f05b29dc9dd38cab76facef8a42adc8d326b3
GuLoader
dea51f7f074a8d9b0e30626e11ca4a79de602da24ba64d0222ee1162a5fbb5ba
GuLoader
f2f28583a4690e1bc531879d34c4eeeeab62a88ec34e204b77428a640c0d00fa
GuLoader
+ 327 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef

Comments