MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5ccb57aee84a40da7ec9dbd4f06beca1f636964c4124db36666ecccc3ea7b389. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5ccb57aee84a40da7ec9dbd4f06beca1f636964c4124db36666ecccc3ea7b389
SHA3-384 hash: 74f65b6930ecba0a03f82824e76c3f9a3826f840f476564069972f238b1bef2d3f9081abde42ee46089dcd7dd64fa679
SHA1 hash: ef6143951b20ac07a7702cfc362d38ceb258e78d
MD5 hash: 12418ee48b6e8e67e494d7626db24ec3
humanhash: green-jupiter-montana-papa
File name:5ccb57aee84a40da7ec9dbd4f06beca1f636964c4124db36666ecccc3ea7b389
Download: download sample
Signature GuLoader
Create hunting rule
File size:151'552 bytes
First seen:2020-03-26 23:50:08 UTC
Last seen:2020-03-27 01:42:39 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 6091c566a6b0fb95bb1a98cc0c385612 (1 x GuLoader)
ssdeep 1536:tEe9x/lBdE4/zTcuqbmsaTpcUhBlJzx37inQyb/VlX2WZml59KDU:txjdj/UxbHjenJr7
Threatray 1'269 similar samples on MalwareBazaar
TLSH 75E34A377514AA46DC528A702D02C7E75A2A2C207C78ABA377AD7B0C9C75E17BF70352
Reporter Marco_Ramilli
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
3
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Generic-7647092-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-03-27 00:35:34 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ltfvplxijjanu7wj3pkpa27muh3dnfsmiesnwntgn3gmypvhwoeq._file
Verdict:
malicious
Label(s):
azorult
Create hunting rule
Similar samples:
12826d5302af642e1152b7b65718d7bcd1deca268630fa61444f131575795589
GuLoader
15145ed8e5ae3cf2acf9ad25bbcb3f782c4d8ba9674185d06baa66ae6d17f25a
GuLoader
35a26a7cc7d31b595a3931172ed60e34e50bbdc56c848d617cb394146e09a8ef
GuLoader
3750e0bfaf53a33e529a468f70780145efff95d3a8c5ec998be59362bad5bb05
GuLoader
4bed372d49cbb980146b1900cf0e641d7e5e9a72a25afbeea28ff996cb93da5a
GuLoader
68f66dd88b1a69a8ff2e63cca5e4554e1b147ccd2474d356b60a749c21412fd4
GuLoader
84f409f8aee0cf253fba68ae4027348449045f7bfb8723ac8fe0336c21c0b0f6
GuLoader
886cec0fe0e68cd029b2f082e65009e46205d4f4fefa5d70923031ab5982fbc1
GuLoader
e2abae4267245cb93260418bba01d4bfb7f084cb552846cfac532b10e636d19d
GuLoader
eece64fe2e9e21564eb410e0d750e9cc605f0b4c437c5b90d9d2ae0ed10ceed9
GuLoader
+ 1'259 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaFileOpen
MSVBVM60.DLL::__vbaLateMemCallLd

Comments