MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8a3bc41cd895dfbb83b1f71dde6f25cec8d09f8506602433546a52f0e4565afe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: 8a3bc41cd895dfbb83b1f71dde6f25cec8d09f8506602433546a52f0e4565afe
SHA3-384 hash: 9aae42ff2924eac29d727c879149290476a439db41416939d64f3b3f77ba8aca39fcd8cf1f5decb6caa7d957212138b8
SHA1 hash: 7eec3472453104bb143cb19b563193bdff8a9ce4
MD5 hash: f1b059ba9d46fe3dc3cb973d6b0d421d
humanhash: equal-mango-kitten-mike
File name: NEW PO-STN304202011.exe
Signature: GuLoader
File size: 102'400 bytes
First seen: 2020-04-03 11:35:52 UTC
Last seen: 2020-04-03 12:33:52 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: c08cc2cf7e6c82aef53e5eeb8241fca6 (1 x GuLoader)
ssdeep: 768:N5+sQVnc0+dds3vzkwATMPiNerYuoEBNYykoaa5pTHBAV3S:LJfdds3vzklNeFoUNVzHBAVi
Threatray: 680 similar samples on MalwareBazaar
TLSH: B8A3E626BE50FD50C0140AB29D7BCBEC5125BC30ED15AD07B9C43FAE3AB1685B961B1B
Reporter: jarumlus
Tags: GuLoader

Intelligence


File Origin
# of uploads: 2
# of downloads: 86
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Noon
Status: Malicious
First seen: 2020-04-03 12:39:00 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 26 of 31 (83.87%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high
Reviews
ID | Capabilities | Evidence
VB_API | Legacy Visual Basic API used | MSVBVM60.DLL::EVENT_SINK_AddRef, MSVBVM60.DLL::__vbaFileOpen, MSVBVM60.DLL::__vbaErrorOverflow

Comments