MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a1d9e8e1a2cbd3c22eb116726a85c258129cb3dcc0965220aeeef086b5d46231. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4


SHA256 hash: a1d9e8e1a2cbd3c22eb116726a85c258129cb3dcc0965220aeeef086b5d46231
SHA3-384 hash: b9243c26f49858e9ea908e6e06a9d16777de8a1af3b3c10a130b8aa00256671d6d0fb1dd3f4f26416f429b12f966271c
SHA1 hash: b3b1a9adfb2704f2b86406e3f958306fcd0d8f8b
MD5 hash: 5d4abf252d16c413894cbf354c1bd137
humanhash: arkansas-missouri-sierra-alpha
File name: payment advance.exe
Signature: GuLoader
File size: 102'400 bytes
First seen: 2020-04-09 07:33:16 UTC
Last seen: 2020-04-09 08:38:32 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 15a356b3fb9325cb80daa9c870e50de7 (1 x GuLoader)
ssdeep: 768:LIeFzk8UptpRnnk1W0b8Og67P2GigNQM3gWtP8UE:se28Upt+W0rhDNQMwi8P
Threatray: 201 similar samples on MalwareBazaar
TLSH: 90A3D6667954FD12C7104F71AE7AE7AC4025BC349D016E0BB9C43FAE393087ABA51B63
Reporter: JoulK
Tags: FormBook GuLoader
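Before pulling a sample like this one into an analysis pipeline, it is worth recomputing every digest the record lists and refusing to proceed on a mismatch (a wrong file, a botched archive extraction, or a re-upload under the same name all show up here). The script below is an added example, not MalwareBazaar's own tooling: the four expected digests are copied from the record above, while FAKE_SAMPLE is a constructed header stub used only so the script runs offline, so it deliberately does not match.

```python
import hashlib
import io

# Digests copied from the MalwareBazaar record for this sample.
RECORD = {
    "md5": "5d4abf252d16c413894cbf354c1bd137",
    "sha1": "b3b1a9adfb2704f2b86406e3f958306fcd0d8f8b",
    "sha256": "a1d9e8e1a2cbd3c22eb116726a85c258129cb3dcc0965220aeeef086b5d46231",
    "sha3_384": "b9243c26f49858e9ea908e6e06a9d16777de8a1af3b3c10a130b8aa00256671d6d0fb1dd3f4f26416f429b12f966271c",
}


def digest_stream(fobj, algorithms=tuple(RECORD), chunk_size=1 << 20) -> dict:
    """Hash a file object in a single pass with every algorithm the record lists."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    while True:
        chunk = fobj.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes, algorithms=tuple(RECORD)) -> dict:
    """Convenience wrapper for in-memory data."""
    return digest_stream(io.BytesIO(data), algorithms)


def verify_against_record(digests: dict, record: dict = RECORD) -> list:
    """Return the algorithms whose digest differs from the record (empty list == same file)."""
    return sorted(
        name for name, expected in record.items()
        if digests.get(name, "").lower() != expected.lower()
    )


def check_sample(path: str, record: dict = RECORD) -> list:
    """Open a downloaded sample and report which record digests it fails to match."""
    with open(path, "rb") as f:
        return verify_against_record(digest_stream(f), record)


# Constructed stand-in (a header-only stub, NOT the real sample) so the script runs offline.
FAKE_SAMPLE = b"MZ" + b"\0" * 62 + b"PE\0\0" + b"\0" * 40

if __name__ == "__main__":
    digests = digest_bytes(FAKE_SAMPLE)
    for name, value in digests.items():
        print(f"{name:9s} {value}")
    mismatched = verify_against_record(digests)
    print("matches record" if not mismatched
          else "NOT the recorded file; differs on: " + ", ".join(mismatched))
```

Comparison is case-insensitive because different tools print hex in different cases; a mismatch on any one algorithm is enough to stop, since the four digests are of the same bytes and cannot legitimately disagree.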

Intelligence


File Origin
# of uploads: 2
# of downloads: 94
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-04-08 13:54:38 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 15 of 31 (48.39%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

GuLoader: Executable exe a1d9e8e1a2cbd3c22eb116726a85c258129cb3dcc0965220aeeef086b5d46231 (this sample)

BLint


The following table provides more information about this file using BLint, a binary linter that checks the security properties and capabilities of executables.

Findings
ID                  Title                                                     Severity
CHECK_AUTHENTICODE  Missing Authenticode                                      high
CHECK_NX            Missing Non-Executable Memory Protection                  critical
CHECK_PIE           Missing Position-Independent Executable (PIE) Protection  high

Reviews
ID      Capabilities                  Evidence
VB_API  Legacy Visual Basic API used  MSVBVM60.DLL::EVENT_SINK_AddRef
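The three BLint findings above come straight from two places in the PE headers: CHECK_NX and CHECK_PIE correspond to the NX_COMPAT and DYNAMIC_BASE bits of the optional header's DllCharacteristics field, and CHECK_AUTHENTICODE corresponds to an empty Certificate Table data directory. The script below is an added example written for this page, not BLint's own code: it reads those fields with only the standard library and maps them onto the finding IDs and severities shown in the table. build_minimal_pe constructs a header-only PE32 stub for offline testing; it is not the sample and is not a runnable executable.

```python
import struct

# DllCharacteristics bits from the PE/COFF specification.
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040   # ASLR ("PIE" in BLint's terms)
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100      # DEP/NX
IMAGE_DLLCHARACTERISTICS_GUARD_CF = 0x4000

PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
IMAGE_DIRECTORY_ENTRY_SECURITY = 4               # Authenticode certificate table


def pe_hardening_checks(data: bytes) -> dict:
    """Read the mitigation flags and certificate-table entry straight from the PE headers."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    opt = e_lfanew + 4 + 20                       # optional header follows the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == PE32_MAGIC:
        count_off, dirs_off = 92, 96
    elif magic == PE32PLUS_MAGIC:
        count_off, dirs_off = 108, 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)   # same offset in PE32 and PE32+
    (num_dirs,) = struct.unpack_from("<I", data, opt + count_off)
    sec_off = sec_size = 0
    if num_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_off, sec_size = struct.unpack_from(
            "<II", data, opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return {
        "nx": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "pie": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "high_entropy_va": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA),
        "cfg": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_GUARD_CF),
        "authenticode": sec_off != 0 and sec_size != 0,  # a cert table exists; not validated here
    }


def blint_findings(checks: dict) -> list:
    """Map the header results onto the finding IDs and severities from the BLint table."""
    out = []
    if not checks["authenticode"]:
        out.append(("CHECK_AUTHENTICODE", "high"))
    if not checks["nx"]:
        out.append(("CHECK_NX", "critical"))
    if not checks["pie"]:
        out.append(("CHECK_PIE", "high"))
    return out


def build_minimal_pe(dll_characteristics: int, signed: bool = False) -> bytes:
    """Constructed header-only PE32 image for offline testing; not a runnable executable."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)      # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)  # i386, 224-byte optional header
    opt = bytearray(224)                          # 96 bytes of fields + 16 data directories
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    struct.pack_into("<I", opt, 92, 16)           # NumberOfRvaAndSizes
    if signed:                                    # point the certificate table at a fake blob
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x400, 0x1000)
    return dos + b"PE\0\0" + coff + bytes(opt)


def scan_file(path: str) -> list:
    """Run the same three checks on a real file on disk."""
    with open(path, "rb") as f:
        return blint_findings(pe_hardening_checks(f.read()))


if __name__ == "__main__":
    legacy = build_minimal_pe(0)                  # no mitigation bits, no certificate table
    hardened = build_minimal_pe(
        IMAGE_DLLCHARACTERISTICS_NX_COMPAT | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, signed=True)
    print("legacy  :", blint_findings(pe_hardening_checks(legacy)))
    print("hardened:", blint_findings(pe_hardening_checks(hardened)))
```

Two caveats when reading these results. DYNAMIC_BASE only yields ASLR if the image also carries a .reloc section, so a set bit is necessary but not sufficient; and a non-empty Certificate Table only says a signature blob is attached, not that it verifies or chains to a trusted root. For this sample the findings are also expected rather than suspicious on their own: the VB_API review shows it imports MSVBVM60.DLL, and the Visual Basic 6 linker predates both the NX_COMPAT and DYNAMIC_BASE flags, so legitimate VB6 binaries trip the same three checks.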
