MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5fe88d0edf17e2bcbbc22d30230f698c5229e31ca58853e9dc86b8e71cc8383a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5fe88d0edf17e2bcbbc22d30230f698c5229e31ca58853e9dc86b8e71cc8383a
SHA3-384 hash: bbb6eadfa66b2f75712c19996b9a021cb125fd29018f84d58f4169930b4e0e046a641535d09fff51b66766e0cc8825f0
SHA1 hash: fdb975e57317e36168b92a4cf95ad3927745cbc1
MD5 hash: 4afd0ab53b0513823f0fbc35cfcd2c26
humanhash: ohio-pasta-beer-stairway
File name:SecuriteInfo.com.Trojan.PWS.Siggen2.46213.28890.4589
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-04-02 19:44:40 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 0ad023f487585c84938fffe3fb15eb9c (1 x GuLoader)
ssdeep 3072:CJVvm4htACGgVgj9QPS/98zUvIMqQNeby8vV:idxh5
Threatray 1'112 similar samples on MalwareBazaar
TLSH D0B30A91B680DA90C0290DF2BF2683EC8138BE31DD48DA4725C53FAFBE755D1A291797
Reporter SecuriteInfoCom
Tags:GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Filerepmalware-7646386-0
Create hunting rule

Win.Dropper.Remcos-7647548-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-02 01:40:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=l7ui2dw7c7rlzo6cfuycgd3jrrjctyy4uwefh2o4q24oohgiha5a._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
15c365dfb62dc041e46ede5ae90f2e0966d1000b5936f0ed5d68f5d10e813171
GuLoader
2ed2a56967e7cb3e18b8b2cb910b9e6d356a52a9b65a05309c36ec62fa09773c
GuLoader
6f47b4825836d58654b05deac55c892825a83e479c406b9b027a0dc6bd8e3938
GuLoader
9bebd6b8400a02ec36958c8cf06d3abc659b462d482fca3df8a3a64e42b3e234
GuLoader
9d545cae8b73e11800aaf794b2919bb8972511e4e217eaf1a51c3f38c17bb412
GuLoader
a570592bf5a21c1f55712fcec60a0536fedabe28b409d9a48fdc499185e154ff
GuLoader
d7162b14867eff2ee6b1c0506f91c4e8c1a1cea0ddae632bd49156a179549772
GuLoader
db740f36a91f4fa311184714bdb059022ba29a054975db509a5bb782eb542533
GuLoader
f17d48c8d179de191e519fa908648b977c09f91803b898d8e4fada52e423a8df
GuLoader
fd70366a0abed417301e2a312927e5697e8ded01a50c830b408978fb61ff9241
GuLoader
+ 1'102 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe 5fe88d0edf17e2bcbbc22d30230f698c5229e31ca58853e9dc86b8e71cc8383a

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/332580/
  
URLhaus
https://urlhaus.abuse.ch/url/329293/
  
URLhaus
https://urlhaus.abuse.ch/url/316041/
  
URLhaus
https://urlhaus.abuse.ch/url/316040/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaLateMemCallLd

Comments