MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7668dd3d27c39ec8ce85cb3476a698df945e4eb061a8da9d1f8b580083707044. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7668dd3d27c39ec8ce85cb3476a698df945e4eb061a8da9d1f8b580083707044
SHA3-384 hash: 1672aae8d4a421a830adaf722a9bae016f4ef335f6be02a6b46a78410171616805d6ea95d08fbbb829be5d1b2aef00c6
SHA1 hash: 4e2e49b38f4ec498b44740f3d36d902cf4126f1e
MD5 hash: d00016b8076befaffdb9678aa83307a8
humanhash: four-cat-robert-asparagus
File name:New Order.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:102'400 bytes
First seen:2020-04-03 04:59:44 UTC
Last seen:2020-04-03 05:31:46 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f94615ce87b9ad4c237ffdee272723a0 (1 x GuLoader)
ssdeep 768:FsxppZDiThYtMvU9SEJXoy0RI/tXPyo4IuQ291L8QjbuYDcS9UGTL7/fP:GpyTq2TRCjH21LPbuYDxaGrH
Threatray 1'057 similar samples on MalwareBazaar
TLSH 48A3F712BA58FE50C1088EB18E3AC7EC4125FC309D146E07BAD17FBE7A71594BA51B47
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Packed.Generic-7647392-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-04-03 05:35:41 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ozun2pjhyopmrtufzm2hnjuy36kf4tvqmgunvhi7rnmaba3qobca._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1dfc1867ced521cbf61f7bbe647e8a6e5bdd3a05e22c05dcee20660e236d5812
GuLoader
54dd660151b98bcbe222d290c2407d654786b72bc2bcdd0293cd8741a1e20266
GuLoader
5c86fcf32d1f15a745dd2f39989630ac310d1aee52af7b5f762f75f8855879ab
GuLoader
884209a719966f7d043193d01453eb707f176dab896173c493097f09940ded43
GuLoader
9bebd6b8400a02ec36958c8cf06d3abc659b462d482fca3df8a3a64e42b3e234
GuLoader
baeafce74cc8a5c40bd2b6ba2e38312834e48f23f655cfae1d1ae8e78e375b84
GuLoader
d725785ec3970b75ecb17a7e5ac14d93ce7a54d259dffc74e8222ed8cfb8b6b3
GuLoader
da40229062dc045460d3adcd70e42d15378ec4a83fd93738b30a59f5fab8da10
GuLoader
ddf6f04276c1d976e62e199e6c928fb7a3d7aaec455a1859f8d8f605c89ffc64
GuLoader
e138622ca793f4a546496b40dcf406a83aa667d16fa2a29879d8282a39d6e7ff
GuLoader
+ 1'047 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef

Comments