MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a4813ccf4c97f087ca7f2a12227496bbc8f5ef8b48f292981ac2504f2bc0f27b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a4813ccf4c97f087ca7f2a12227496bbc8f5ef8b48f292981ac2504f2bc0f27b
SHA3-384 hash: 332667e963ce63839e17a824740af5d130b4a65c6f76ad9f377a90bf952cb1308dc6a4dd44a4becf2ad4039fb9186fb5
SHA1 hash: 5e808cc977edba2544a0a5dc805be01b4b77624e
MD5 hash: fdaf8fbc23c7cd5cdf6c65cd19c7b402
humanhash: lion-winner-utah-orange
File name:Bill Of Ladding.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:102'400 bytes
First seen:2020-04-16 14:23:41 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9df05bc544dd21044251d2bdf0efc6e0 (1 x GuLoader)
ssdeep 768:+2ePjwI0xJJcOHonJAYv2Y66npBZZZwn43PSndB5a5vfDfPLCIMAB4:VebN09JoWYZrJwF0ru
Threatray 1'187 similar samples on MalwareBazaar
TLSH 7CA31812B288FD86D2254BB15AF5CAFC5124BC348D566A0B74C43F6F36B1981B0B2F5B
Reporter James_inthe_box
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Rogue.0hr.20200416-1205.UNOFFICIAL
Create hunting rule

Win.Dropper.Remcos-7686834-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Formbook
Create hunting rule
Status:
Malicious
First seen:
2020-04-16 14:23:29 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=usatzt2ms7yipst7fijce5ewxpepl34ljdzjfga2yjie6k6a6j5q._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
163b0dbdbeb27d581695908c409f25a926613547da8cc08e844e2a93307bd9aa
GuLoader
60c2a6a0bc12f4b6fd4ecb473d5de3d9de561ee3125055dbbf2d8ff12bb83f60
GuLoader
6cfa6754f2c32d3856972eceda81e57c0a274c80419482b6fe3910966b67a114
GuLoader
6f06cf7295e9301a4358854569f7d53dcf77319a94a76b45e60ebc72b88c2087
GuLoader
a40a5e625d55583bfeb7d9ef900686a29dc3c6f580ca1615af7a2ad29f02761a
GuLoader
aee6f41ba3393811f2980cec1714785039dd6cfcc629b81479fc376f635868c7
GuLoader
b666f8a605a45edebf5a3980675d00b84343a9b3c7a6d00fb90c37f40b55ac57
GuLoader
c01173f818eaf0ed530c4831f5b61e207498f606c2f61141aaf8ffc1ef62bd28
GuLoader
cb108b44f7c1ce27111e05df5b00d405abd180fc46d280b78e9a137fd9858dbe
GuLoader
f71b8185345a7a8d923db61ae9c9f68bb53b7c3d26e825aa80dca05c5879cc87
GuLoader
+ 1'177 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaFileOpen
MSVBVM60.DLL::__vbaLateMemCallLd

Comments