MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 99626ac447c880ff6dbf8dbed19bee5ab1da8fdb0b8e1595beda01af67aa64a9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 99626ac447c880ff6dbf8dbed19bee5ab1da8fdb0b8e1595beda01af67aa64a9
SHA3-384 hash: f333ac4c4e9fdf6bd419cec4a2fe453ced1f0e4ab9f034da1e21f1cd4ef22227231291336f8ff5742a0c60629bfe45d9
SHA1 hash: 7a0392488a64e5209c91c67047cb9a3d19f4de52
MD5 hash: 9436b5d76aeebf6010c829bc95cd38ff
humanhash: orange-carbon-edward-skylark
File name:invoicee2.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-04-14 15:05:40 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 26f0e5b84283bf0fe2a5c2db9732d0c9 (1 x GuLoader)
ssdeep 768:Wu1cdK9ZzgcOEy6rIi4WQMc/xpLYQJ9MX5qt++Rk1Ltdi5ZACU7:D1cdEzgcOxKdcppL9MX6BRk1Lt4Qt7
Threatray 950 similar samples on MalwareBazaar
TLSH BFB3D7527448FEC4D40A4EB25AF3CAD88598BE31AC85B61774D27F5F38B10D07B92B86
Reporter James_inthe_box
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Ponystealer-7648176-0
Create hunting rule

Win.Dropper.NetWire-7667567-0
Create hunting rule

Win.Dropper.LokiBot-7667993-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-14 15:05:35 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=tfrgvrchzcap63n7rw7ndg7olky5vd63bohblfn63ia26z5kmsuq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
08b47c6d183afb72f383ced4639ba73a03d9b36f06617585b3a3d28b69d1ce9f
GuLoader
37d7bba1bacdbcb35e301c1fc391449ea84d1203ca59a8b1f1142acf4596e032
GuLoader
3e487a6e78ce053ac4add56861cd380be9c2920d292f83448c0a3f8a814c53d7
GuLoader
79a2240a25ae035c8fb372974e643f276099d86118d018bb6053571cc3d06ce8
GuLoader
8869b2576e5e5ebd15edee49935a89a27bb6dee506483a27f805f708d4bf8957
GuLoader
baeafce74cc8a5c40bd2b6ba2e38312834e48f23f655cfae1d1ae8e78e375b84
GuLoader
d184268bf1ee860b491b319eb7f96adcab1a9ea696ffb4c26449a60c33b7a9e3
GuLoader
d18ed67b05d0bbd6dfaba77a6053c92674bfef8abc8c7aae7c17f703adc6ea5c
GuLoader
d7e91c4ae1a0b9f6bd1c2ae422b2d9488949110017b9d06001e6bcd386905c8e
GuLoader
df34eee3a23ae66bb689bc1911e417cdaa7b51c353dc586bdb3280f86df09b55
GuLoader
+ 940 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments