MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a3c9b063a2e0b2543b34146f01d970f5ea721fac3fccc95bf1afdac5a56164e9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: a3c9b063a2e0b2543b34146f01d970f5ea721fac3fccc95bf1afdac5a56164e9
SHA3-384 hash: 33466ad50b01435111203ecff799475371dc2c37d69baa66b921d56f05d371fa63fd5191aabe040e8e8c35718a4a8200
SHA1 hash: f8d642e49c6de86156a09f72b838af2a3c31518d
MD5 hash: cc337525b1812296df853fd61fb0090f
humanhash: butter-cold-florida-arizona
File name: DOC154550.exe
Signature: GuLoader
File size: 102'400 bytes
First seen: 2020-04-18 19:10:51 UTC
Last seen: 2020-04-19 18:38:29 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: fe118ca0a15b35de6943500c0c00328a (1 x GuLoader)
ssdeep: 768:uFTA7r51cr4vGqcw11XkCHsz43gwG305kcwJvxjDx7AMaFf9fb6BoFVqRHNo0e9G:qur516Srkks03lwJvncpORfe8Zz
Threatray: 376 similar samples on MalwareBazaar
TLSH: 53A3F660B694FE81D4244AB18A76D3EC4072FC35CD426A4B35C43F0F7A79985B9A2F1B
Reporter: jarumlus
Tags: GuLoader

Intelligence


File Origin
# of uploads: 7
# of downloads: 95
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Dynamer
Status: Malicious
First seen: 2020-04-17 12:05:05 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 25 of 31 (80.65%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews

ID | Capabilities | Evidence
VB_API | Legacy Visual Basic API used | MSVBVM60.DLL::__vbaObjSetAddref, MSVBVM60.DLL::EVENT_SINK_AddRef, MSVBVM60.DLL::__vbaLateMemCallLd
