MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 70dc4e915dc7879d45c54a5936007d5425b6c82be49974a0a4ee2076390bd272. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 70dc4e915dc7879d45c54a5936007d5425b6c82be49974a0a4ee2076390bd272
SHA3-384 hash: af2ae849ce0954cbeb21d9dad71694a26e0e42eed3fef89e1cc436775dfc65330518b7166aca208fec01d64008a341dc
SHA1 hash: 9f7539b96be2561a86a2f6808606dd83fbc9d7b1
MD5 hash: 2739865245e2cb61dd253dc59c8755da
humanhash: whiskey-mirror-tango-missouri
File name:Shipping DocsINVPLTHS0094587.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:118'784 bytes
First seen:2020-04-15 12:29:01 UTC
Last seen:2020-04-15 18:23:16 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 0e07a42fb0c29c491b44a3da0c2ee2e4 (1 x GuLoader)
ssdeep 768:qPD5f3FhL6rr/HUVdGpnKBjnN9RECTn9/UJSxdjTLmd5MLlBHgSQuTDkFE:StfY/HUfN9R/nRUcKd+LlBAZrE
Threatray 86 similar samples on MalwareBazaar
TLSH E1C309917AD8FC52CA1A45B31F78C7F80569FC30AD416A0B30C73E5F2672581B962B67
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
3
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Fareitvb-7670264-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-04-15 12:35:23 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 30 (83.33%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=odoe5ek5y6dz2rofjjmtmad5kqs3nsbl4smxjife5yqhmoil2jza._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0c780ce6cb4281a12cf329e18bdf36b987e34dd15379a4c2f6f8e03ba56e13be
GuLoader
10481c8ab9d363251e4d1aab4805df6d245621a5f10302fe5ed8cdd9f20bdc14
GuLoader
1cd2e3b696656354859e0ffdb5bca866fadf42f59c9e2da1c228e0b52fa5f368
GuLoader
30ffce543f13fce23c61f63f8a6783b1c3be723377cb13e13bf033cbff8b904b
GuLoader
34e142c3ca75844c48639cfc8f60513d23c02a65addef3bce69f5b49b34277a1
GuLoader
37e732320afe6794f90346eee9adabbf572038ec36c4559aa033e2bfad06385c
GuLoader
6a690f7baed1b42a2a1503838fd5ef1e0c231ed85036e77180cdc6aabc19615e
GuLoader
6c90f16a6932be921cbb44b9e4531cf36e5ded6d5dd0016c4309a56ab8a96461
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
ef8f03a25087eeab581d8439a0a19ba7148270d2210d479c1d6867fac69dc813
GuLoader
+ 76 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaLateMemCallLd

Comments