MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 67aa5b86db90b286266d57324824825453a9db72b15414ee064dbf01085d00b4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 67aa5b86db90b286266d57324824825453a9db72b15414ee064dbf01085d00b4
SHA3-384 hash: dde42fd1894cd64d5ba98672ceb93e96d1cd4a1d96483def8c097ab8645ac70d8d7bdfca4d06a6fb94890369c3f36f7e
SHA1 hash: c4d282c7bc55d620fd1e7e9fb5d088ba61df40e3
MD5 hash: d983aedf552ab874d69a4ef0981515ce
humanhash: kansas-mountain-four-berlin
File name:JMD_INV 6000019430.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:225'280 bytes
First seen:2020-04-21 05:07:35 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 86f70ee7d24ce90f1e6a0e452d6e02ce (1 x GuLoader)
ssdeep 3072:yD/xdnZ/ueqslevwsYRanf0pYKZ0KzFYLKyXdEtGxfN5zVWaUACni0yAmuzXc/PN:yTsFL6SSDUBZ0
Threatray 312 similar samples on MalwareBazaar
TLSH 4824F885AD789823C7184630AFE6E7BAC24C7DD0E9D5CA0F2080375EAF33785656652F
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
95
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Generic-7678438-0
Create hunting rule

Win.Dropper.LokiBot-7678947-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Frs
Create hunting rule
Status:
Malicious
First seen:
2020-04-21 05:36:13 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
27 of 31 (87.10%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=m6vfxbw3sczimjtnk4zeqjeckrj2tw3swfkbj3qgjw7qccc5ac2a._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
035cca1ee500852ef7fda67e60c373ed2a57756c5fefa60ba7a05aae5b9021ab
GuLoader
1d67c5b17b0115be9c9213910f41e052d520c7f86a5b9373f145f8c5f2ded8e4
GuLoader
350b35550e10e3ed50b1337e8899ab2eb9c9cbae7c077027f52bab3c5266bb84
GuLoader
4adf106d80dd2be5d8ea333dcc3a1d06770e4d913b25d05616247f9c66f99484
GuLoader
5f845094f591cc548f669c31a1cbd8466bfe37bdd890d12e535afd73242d58a7
GuLoader
7ab96517f6852c124c82edf441496b2f005b11a4d1feb92f9cbfa2a2bffd1acb
GuLoader
818a7b0f2761340c423a9feabe5aae7fbf96129316ae4b0a11357cbaed344bbf
GuLoader
bf995a7e9baf77fa301cd9af7adece6147bff5397246ade2643b9305395a5612
GuLoader
dea51f7f074a8d9b0e30626e11ca4a79de602da24ba64d0222ee1162a5fbb5ba
GuLoader
f2f28583a4690e1bc531879d34c4eeeeab62a88ec34e204b77428a640c0d00fa
GuLoader
+ 302 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef

Comments