MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 85a143f34f286cd9c586a4b7abe97fe012b529f90a940852cbfadc6c9494c4b3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 85a143f34f286cd9c586a4b7abe97fe012b529f90a940852cbfadc6c9494c4b3
SHA3-384 hash: 7cbf924587fd73cdc09f30454a92d2a26bd0ae7cc7c3f2e8069b21fc9cc7e85947f67dd2aef79b12b5b1b2ec39fc15a7
SHA1 hash: 6defe2ca5bb03f1d21d75a25a1e4b6a80e54132b
MD5 hash: c4deff7d27d0329a7198b030e01ecbd0
humanhash: fish-mississippi-princess-winner
File name:Bidding list Mar 2020.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:118'784 bytes
First seen:2020-03-19 05:53:02 UTC
Last seen:2020-03-19 07:42:55 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 1a3319dec6ee8a00107dd337845aa260 (1 x GuLoader)
ssdeep 1536:Xkgg9ILwJZvj34PmEDXWgJ6xsDSho0lsWL0z6hJ0qqEOi8:5g9ptcuiKoRU0mhGgOi8
Threatray 483 similar samples on MalwareBazaar
TLSH D6C37D82F790D577E129863EAC47E292050BFCA469D2D54B39987F2E7AF40B1CF1D610
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
3
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Vebzenpak-7639837-0
Create hunting rule

Win.Trojan.Agensla-7639840-0
Create hunting rule

Win.Malware.Vebzenpak-7639843-0
Create hunting rule

Win.Malware.Vebzenpak-7639845-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-03-19 17:33:07 UTC
AV detection:
25 of 30 (83.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=qwquh42pfbwntrmgus32x2l74ajlkkpzbkkaquwl7logzfeuyszq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1891748c2fd3821e15a519b10a34bb5372fd5601ad57fae537e4ed41ef593163
GuLoader
2aa324195b641499159816aa2ba8f40f6c5d971bcbee5a753d330df383867248
GuLoader
4f0d3018859a6ffe8301bfd9dc716cc0c49048b670274182678049501c924dcc
GuLoader
5c86fcf32d1f15a745dd2f39989630ac310d1aee52af7b5f762f75f8855879ab
GuLoader
7668dd3d27c39ec8ce85cb3476a698df945e4eb061a8da9d1f8b580083707044
GuLoader
81bd7f9b814b466a614b8b165ef83081e2ea36f8bcf08b59fa7f9bbbad22c80f
GuLoader
89210ae907c9573298a900f88b97082c190618d64ecfa37eb5afda4615629475
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
b289e7a3e27dfee54ea6a2610a3cc690b96d7dafec31756401349935e3d83202
GuLoader
f1ba59863abc7d03f67577aa4b75ab121608c76433981f394651f2b327914e9c
GuLoader
+ 473 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/85a143f34f286cd9c586a4b7abe97fe012b529f90a940852cbfadc6c9494c4b3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments