MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 65131044759196e12700fd7ee31168c84bdf760ef3a8f421f49fe39ad5177e86. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	65131044759196e12700fd7ee31168c84bdf760ef3a8f421f49fe39ad5177e86
SHA3-384 hash:	c5e60c682e8a160d7c054fb5a30ff9848b6d6910460f54c8b4c8bc9bc4e7e0e570798847773aad175b3173b1624b96ef
SHA1 hash:	0c086b7be44d9011119cbb05d12291fce9f147b0
MD5 hash:	8d6b506c3f63ef01b61a611f85eb558b
humanhash:	pluto-winner-illinois-cola
File name:	SWIFT Transfer..exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	77'824 bytes
First seen:	2020-04-30 09:42:42 UTC
Last seen:	2020-04-30 13:39:04 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	0d3c96394266e77777d3a0ba9677c479 (1 x GuLoader)
ssdeep	384:RFbFnk7bw2Ud1pax86nuzwnKcKNmKPhu6FsUVnHTlK9UUalAJMut8Ji4OHzCyR:f5nk/LQra+4zKcKN720KhKOxt8ABzT
Threatray	86 similar samples on MalwareBazaar
TLSH	D9733C61F76CC972E7568BB08F11CAB80657BC306D89CC1736557F3C2E32A45AD22267
Reporter	jarumlus
Tags:	GuLoader

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Gathering data

Threat name:

Win32.Trojan.Fareit

Status:

Malicious

First seen:

2020-04-29 09:17:53 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

25 of 31 (80.65%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=mujrardvsglocjya7v7ogelizbf565qo6oupiiput7rzvvixp2da._file

Verdict:

malicious

Label(s):

guloader

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
VB_API	Legacy Visual Basic API used	MSVBVM60.DLL::__vbaObjSetAddref MSVBVM60.DLL::EVENT_SINK_AddRef MSVBVM60.DLL::__vbaLateMemCallLd

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample