MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 71eef57b92ab53e8c87a1ab66cbde8025c2a48e78cbf041bbef3f2b5f0871e31. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

SHA256 hash: 71eef57b92ab53e8c87a1ab66cbde8025c2a48e78cbf041bbef3f2b5f0871e31
SHA3-384 hash: 85f39ca6dc5a68631bb80bc0217fce571084f197b10317849b4c5306809a485d29eeda00ebbcaaa640db04fcdc6f1719
SHA1 hash: 8f3041e19d2e8eea5f35737ca0735ca0275ad7d7
MD5 hash: 5676da83d72f6dd45a720b515c9b8972
humanhash: moon-charlie-william-gee
File name: Tinkrusetl5.bat
Signature: GuLoader
File size: 98'304 bytes
First seen: 2020-04-07 04:51:16 UTC
Last seen: 2020-04-07 05:41:22 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f9e59da4691b2e17a92165f765e3370f (1 x GuLoader)
ssdeep: 768:FBNyf8hVtb3SZ0D4apJ6aMdGNVohdOnE/fY7h4AGsDXuJ:PNrhV4ZawNdGNuh/wahl
Threatray: 975 similar samples on MalwareBazaar
TLSH: 9FA3F616BE90FEC1F4045EB18E7AAEAC45E5BC30AD016A07B9C43F7E3834255B661F46
Reporter: jarumlus
Tags: GuLoader

Intelligence

File Origin
# of uploads: 2
# of downloads: 85
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Minix
Status: Malicious
First seen: 2020-04-06 11:02:07 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 22 of 30 (73.33%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

GuLoader

Executable exe 71eef57b92ab53e8c87a1ab66cbde8025c2a48e78cbf041bbef3f2b5f0871e31 (this sample)

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID                  Title                                                      Severity
CHECK_AUTHENTICODE  Missing Authenticode                                       high
CHECK_NX            Missing Non-Executable Memory Protection                   critical
CHECK_PIE           Missing Position-Independent Executable (PIE) Protection   high

Reviews
ID      Capabilities                    Evidence
VB_API  Legacy Visual Basic API used    MSVBVM60.DLL::__vbaObjSetAddref
                                        MSVBVM60.DLL::EVENT_SINK_AddRef
                                        MSVBVM60.DLL::__vbaErrorOverflow
