MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 70041cbec1ec2f2daaa69db5b81dbf780fe796192d0e9620ad8bba56b45a6d22. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 70041cbec1ec2f2daaa69db5b81dbf780fe796192d0e9620ad8bba56b45a6d22
SHA3-384 hash: 6b3d2d0f5141b017f1410438b5d9f050845a023ffaa7461be8d8a26d1d5b53febac93b74e43c422717af9a4b9da1aae2
SHA1 hash: dc9176caa4cbfb9ada8c79611850627f5b04d6c8
MD5 hash: 33e61054f5214fabf000281f0652c053
humanhash: wolfram-fish-west-johnny
File name:Broa7.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-04-29 06:59:02 UTC
Last seen:2020-04-29 08:01:46 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash c6c953e06fc9ebd1dafeac48e802bf17 (1 x GuLoader)
ssdeep 768:0zYWWMxxxZ9n0bFHTJBLYkd+7BOcSfKmgBKgNit:EWs9sNauTLak
Threatray 146 similar samples on MalwareBazaar
TLSH 12731AA2B148D073C2308AF46F32F7F415DE6D706E64C92B38857B1F2A35EB95690267
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.LokiBot-7726479-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-04-29 05:10:43 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=oacbzpwb5qxs3kvgtw23qhn7pah6pfqzfuhjmifnro5fnnc2nura._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
102a406e2b148d3dff10dc067b37c4cfbe7594c9e10dc3dc2d3b13b3c908678e
GuLoader
277ad2e30607538075324d56c194f6256f2a37245f952038d709f237545bf0f1
GuLoader
3d4b5ca6cf89ed481dee43c1b33dfd03c0863631efbbce57f1d678341f827872
GuLoader
62009eba5623f35454d0d19824c688a0f1fb45dfa88516a3999680f984bdf1f7
GuLoader
8eb33d0b08f137c3aa3f66d5afe0188b9b60458f95ecf8a2f2ca3815059e2fca
GuLoader
8f33b384251c871f6061fcf7d092dd5708cf9b9e0ff92dc09bf3bd458c6cbdb8
GuLoader
c0b1ba178d886a9d71fb7ffd5b169bf023021e13c545e3cd8d15461221dd2006
GuLoader
ca73b141e59412b434f105fef26227cea43190fbf99e7be806f00b9b9f7a9428
GuLoader
d4d2c82cdc75f723e08d6139593a5a651e75e74b885acf480fe41c239d99e548
GuLoader
f52e553ac38124b5eb9662305ddf404df6a8c68d9287137c938a920eadeebe0e
GuLoader
+ 136 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments