MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5c86fcf32d1f15a745dd2f39989630ac310d1aee52af7b5f762f75f8855879ab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5c86fcf32d1f15a745dd2f39989630ac310d1aee52af7b5f762f75f8855879ab
SHA3-384 hash: 9f065ebdc6df288785a06a2898e9f88dd6fe20be45b85b224a86f8bfb31af89d26aab718d3abafed45e6da7012ae1d5a
SHA1 hash: 765671579aac0864ceee94f0f387f5076944c18d
MD5 hash: 004f65cf74786fed79027508c5ea74d8
humanhash: golf-burger-bakerloo-tennessee
File name:SecuriteInfo.com.Generic.mg.004f65cf74786fed.10835
Download: download sample
Signature GuLoader
Create hunting rule
File size:122'880 bytes
First seen:2020-03-18 13:39:06 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a205e8233d91c85892f439fc2ee2c11c (1 x GuLoader)
ssdeep 1536:1gkGTYXvIr9LcF4zlgxh1XvnV8BleY+O+Ra2TNKeDlgrBVCtw5w:mS/egFIlgzdPjRISlQVMsw
Threatray 1'068 similar samples on MalwareBazaar
TLSH 51C37E43FF50D477D518893EAC47C2A2091BBC6465E2EA4B3994BB2E78F41B18F1E711
Reporter SecuriteInfoCom
Tags:GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
94
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Vebzenpak-7639837-0
Create hunting rule

Win.Trojan.Agensla-7639840-0
Create hunting rule

Win.Malware.Vebzenpak-7639843-0
Create hunting rule

Win.Malware.Vebzenpak-7639845-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-03-18 18:23:00 UTC
AV detection:
25 of 30 (83.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=lsdpz4znd4k2oro5f44zrfrqvqyq2gxokkxxwx3wf527rbkypgvq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1d117728ec260d80f6c6a347c4c32c965c69ff10bd4f08444fc70e82eebb1094
GuLoader
4d0dfe01c27dfd2c35464a3f435cfb4cad6e996d6fc407cc8f10fc0b3d0692fe
GuLoader
50a4a0067a0756996b12da1316f2574a16316d050b675114c8ae60c35e99cf5b
GuLoader
7668dd3d27c39ec8ce85cb3476a698df945e4eb061a8da9d1f8b580083707044
GuLoader
7f95fc08dcdbe713e3a41b5b5d72763b4b3a4c608a1766596c8d055b12b2ee27
GuLoader
9bebd6b8400a02ec36958c8cf06d3abc659b462d482fca3df8a3a64e42b3e234
GuLoader
a465bb38250994671f200d8c66cfc0718354bc8974713ba6f9f3eb15a4acec7d
GuLoader
b1d1654f14052fe13960bbde4280f2f1d34e802293dddb47c971ce833bb5bda5
GuLoader
ddf6f04276c1d976e62e199e6c928fb7a3d7aaec455a1859f8d8f605c89ffc64
GuLoader
e138622ca793f4a546496b40dcf406a83aa667d16fa2a29879d8282a39d6e7ff
GuLoader
+ 1'058 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5c86fcf32d1f15a745dd2f39989630ac310d1aee52af7b5f762f75f8855879ab

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 5c86fcf32d1f15a745dd2f39989630ac310d1aee52af7b5f762f75f8855879ab

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/326354/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments