MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5f5a9e4faecab33e7e4d15212fc14a8357bfbb335afa0e15ae2310d15aeb65bc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: 5f5a9e4faecab33e7e4d15212fc14a8357bfbb335afa0e15ae2310d15aeb65bc
SHA3-384 hash: 4297b7652b684399335d89ef8d33d4decd60ee7259bc7c1aee315b4806374e5263f85a6f9d17621e400c13e7529e4fd9
SHA1 hash: 5286c928ef3a82605f9082c377e45d3ca12aba0b
MD5 hash: 38aacb92a90c69499c29d116c529f7ab
humanhash: eleven-cardinal-tennessee-ceiling
File name: proforma invoice.exe
Signature: GuLoader
File size: 98'304 bytes
First seen: 2020-04-06 20:12:07 UTC
Last seen: 2020-04-06 20:45:26 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: b2e7dbc7c45a3eb9871ae87ee2b6bab7 (1 x GuLoader)
ssdeep: 768:FKUtF6lk16gBveqTmMRJTXFXqEZ6m7+xupTlyba6:FKUP6lk1BGq3jXdh0m74eTlQv
Threatray: 1'278 similar samples on MalwareBazaar
TLSH: C5A3D622BA64FDC1F8044F718A769FEC84E5BD74AD006A47A9C43B2E3D39141BA61F17
Reporter: jarumlus
Tags: GuLoader

Intelligence


File Origin
# of uploads: 2
# of downloads: 80
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vbobfuse
Status: Malicious
First seen: 2020-04-06 17:53:00 UTC
AV detection: 25 of 31 (80.65%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high
Reviews
ID | Capabilities | Evidence
VB_API | Legacy Visual Basic API used | MSVBVM60.DLL::__vbaObjSetAddref, MSVBVM60.DLL::EVENT_SINK_AddRef, MSVBVM60.DLL::__vbaErrorOverflow
