MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6ddb553adbe57cb5a08a5469aaa1a8f1b8e53a34e0b0c9535684d14cf3eb4ea6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 5



SHA256 hash: 6ddb553adbe57cb5a08a5469aaa1a8f1b8e53a34e0b0c9535684d14cf3eb4ea6
SHA3-384 hash: 9005ccdb7b633671f48b21d7a2aebeca06fc06156cf871167cbc4d8c80ab35cc293b730ea799fa352af6cd3660f615f7
SHA1 hash: 7c2a2559096f8cc15cfb9c3f443284728076b392
MD5 hash: d061d349d93a2d5e764c04762586b642
humanhash: cup-finch-network-salami
File name: PDF_97F6D.exe
Signature: GuLoader
File size: 73'728 bytes
First seen: 2020-03-20 14:54:50 UTC
Last seen: 2020-03-20 16:34:22 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 8881101e2e6996a339e0e12354a32856 (1 x GuLoader)
ssdeep: 1536:dO9VuWujWCXsLMBhe/SnZhe/SPMAjWCXsdVI:MVuWujWLo+/Km/lAjWLdVI
Threatray: 1'169 similar samples on MalwareBazaar
TLSH: 85737C22E3A0C527F99145FC4ED302F915226E19C7E57D8F4E0DC94E6CB1EAB88292DD
Reporter: c_APT_ure
Tags: GuLoader

Intelligence


File Origin
# of uploads: 2
# of downloads: 82
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-03-17 21:09:54 UTC
AV detection: 26 of 30 (86.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews
ID | Capabilities | Evidence
VB_API | Legacy Visual Basic API used | MSVBVM60.DLL::EVENT_SINK_AddRef
