MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 622b33d9ccb5d78e68c3e8a3e6ca99cf70bf0de7589f5baaf3b1b125e4f8dcb8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	622b33d9ccb5d78e68c3e8a3e6ca99cf70bf0de7589f5baaf3b1b125e4f8dcb8
SHA3-384 hash:	72490812eeaf2ba8d06ef3ae4d778ca4c7b7f42446346bb99ba26df203cf7aeb92e7421277b09b9a6f69c318ae0a6d69
SHA1 hash:	534408632b7c1eb76114cb71e4c1a41269d7c4b3
MD5 hash:	166bb18412f70456d6e5e12e5306bf42
humanhash:	march-nevada-beer-pennsylvania
File name:	SecuriteInfo.com.Trojan.DownLoader33.32373.18367.32026
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	106'496 bytes
First seen:	2020-04-15 11:09:27 UTC
Last seen:	2020-04-15 11:14:52 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	60ff4ff28e6eb0fa359e0bd9f9b2b8eb (1 x GuLoader)
ssdeep	3072:gCaU/SASSSSLxySSSSoZXSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS7A://SASSSSwSSSSoRSSSSSSSSSSSSSSSS/
Threatray	1'059 similar samples on MalwareBazaar
TLSH	F0A3D511B550FDA1C9150EB519F9CAE81420BC348CA97B6736C53F5F39B24C0B693FAA
Reporter	SecuriteInfoCom
Tags:	GuLoader

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Dropper.NetWire-7667577-0

Win.Dropper.NetWire-7667584-0

Gathering data

Threat name:

Win32.Trojan.Injector

Status:

Malicious

First seen:

2020-04-14 14:11:41 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

25 of 31 (80.65%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=mivthwomwxly42gd5cr6nsuzz5yl6dphlcpvxkxtwgyslzhy3s4a._file

Verdict:

malicious

Label(s):

guloader

GuLoader

1ca43e5c33edbf126b18cd7603f5674dc45c9aa2d34efa41796a8f0f9a08b947

GuLoader

859cc79621eca1e9b1bc85a569d0ddfcdf83440090e8e4ed7aa8054e2c9c460a

GuLoader

9be235495bd4696901a7e0538b3d96f6996268c67c1b607cdc8e33a794a6a9da

GuLoader

b267c228b488319e3514de6a929f16f55e18cf8ac9924f2989b199ebe6b51a59

GuLoader

c3b88b1d9c86a4f7cb1ae7c8b91d44d67c9c9e66ea51504c3204eb575a668fea

GuLoader

c8ea056cb229cc17d43217a6aba42320468cfaea55d6f9846b5f402bab6b06d0

GuLoader

d2669f09cb9d457a0bb1ebc7db59cc0f53778ebf2fbd90f84b7c3fd587a109bb

GuLoader

f02253cc15ef8590d38f2c623609c3d462c2352da4aab698b3959c8ba4ced4e7

GuLoader

fff7d8c78dd6f34509bde90ea015593f8e2fce0b0022899f96982f0772c6b9b2

GuLoader

+ 1'049 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

exe 622b33d9ccb5d78e68c3e8a3e6ca99cf70bf0de7589f5baaf3b1b125e4f8dcb8

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/340676/

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
VB_API	Legacy Visual Basic API used	MSVBVM60.DLL::EVENT_SINK_AddRef

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample