MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a07051295b50dfe762f42e922f6815e4554ae1b392da5810b88893cb91ac3b7e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a07051295b50dfe762f42e922f6815e4554ae1b392da5810b88893cb91ac3b7e
SHA3-384 hash: 647deacc8f40ebac0c2b39a60c933dd1896abda3e16eb4ee120da287513115c170c7b5c15b2063dac444461afd7d1b77
SHA1 hash: 2309f6ee158d1fa1afd41bfca7800e0ec664f434
MD5 hash: 99f91e98195a09ee063afb472629e3a6
humanhash: nine-nineteen-fourteen-bacon
File name:RFQ NEW LIST 200CL ORDER _pdf.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:122'880 bytes
First seen:2020-03-24 05:27:38 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 682bd30c9fc513774235322c46cf1416 (1 x GuLoader)
ssdeep 768:RZ38GuLX+wh/IpSYtcNZUxm5BTb01EwOxS55rDa0B7VzjSNrvuEpRHXdfBU5u8hx:3QtBYGf5N01EwOxS55/jSNrvFdfkh86
Threatray 998 similar samples on MalwareBazaar
TLSH 72C34B22F641E41BE88A1E7C4EA6CAF85135AC214E20C6CB7E057FDE3CF52129D6D761
Reporter cocaman
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Generic-7639969-0
Create hunting rule

Win.Trojan.VBGeneric-7640052-0
Create hunting rule

Win.Malware.Generic-7640054-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-03-24 01:41:19 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 30 (80.00%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ubyfckk3kdp6oyxuf2jc62av4rkuvyntslnfqefyrcj4xenmhn7a._file
Verdict:
malicious
Label(s):
netwirerc
Create hunting rule
guloader
Create hunting rule
Similar samples:
032624661ba64ab1c3ca40a7a47b3635ee6b6a3442ca6bfb7a41a4a8de7b0fb5
GuLoader
27d318fe5d1d8f02c39b6b82690e4be83eeb3f357618cbabd7d808a23924b277
GuLoader
2bd30faef9e89799bc33f076afc8f3521bc84018c8e27829e8f475ee1c8dc13b
GuLoader
3df464cdb09ec8aed7589b31541a291c9b921f49b2cc97aa34d363161366db8a
GuLoader
4fb3528f5fc1a30b03cf69920e1db68cd4943c1c303a09cac0723a10abfcc378
GuLoader
5cd5f57afb04ba3ce4e5aaee5a7fa7d10b24a334e30911a49a4cc4cb52982848
GuLoader
65bd5f3bc433f60bfc5ea392aaa33539592d657cbe2d316b25b24c9e12c225cc
GuLoader
844fb0d61ff2be56043914797b2e0123e111f616bbd743e3ecfee5c340651146
GuLoader
c76654971c4af60511d3583a3bd00c673904569aa93973687e14e95b9e80de6f
GuLoader
ecbbdea89347df30a9575353b8886499a88d30f5606f60c922c62e4a56637c74
GuLoader
+ 988 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar 3db81c7fb2db2fed5c006a30c124eeed49e402cd6b4266cd4679e34c7847ba7d

GuLoader

Executable exe a07051295b50dfe762f42e922f6815e4554ae1b392da5810b88893cb91ac3b7e

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 3db81c7fb2db2fed5c006a30c124eeed49e402cd6b4266cd4679e34c7847ba7d

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments