MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a49855a8a95f24d6ee35f5853e894f13be32bcc91bb076811feb3943f14bce6d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a49855a8a95f24d6ee35f5853e894f13be32bcc91bb076811feb3943f14bce6d
SHA3-384 hash: 0d43d1f0f2d30f1e354d116ee999528e95dc8b9a525635b302a4837b49375a4bf740640285f603fdcc12477acaee4fab
SHA1 hash: 6ad9651eb6f54644cdde09fb9d71ecc2c5e2cbf9
MD5 hash: 65ec1e58345b7748a31f6c73bd7ab36f
humanhash: sierra-equal-orange-nebraska
File name:Factura de proforma.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:118'784 bytes
First seen:2020-04-20 07:55:47 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e8aef7dfd9a729abd5d6f416fd481839 (1 x GuLoader)
ssdeep 1536:NV7gFLkqGnBojgQ9XST/HjDDIqctW+JXNbt:j7SQojr1Sr0Hbh
Threatray 159 similar samples on MalwareBazaar
TLSH D7C3F82176C0FE55C78549B35EB4C7E802A9BC348D147A0B34C23E5F29B76C578A1B66
Reporter JoulK
Tags:FormBook GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
93
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.VBGeneric-7670258-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-04-15 16:14:40 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=usmflkfjl4snn3rv6wct5ckpco7dfpgjdoyhnai75m4uh4klzzwq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0a6caea4ce7bf55029e1f01895a6c653fb2c5166f76dafcf94956dd8915e4eab
GuLoader
10481c8ab9d363251e4d1aab4805df6d245621a5f10302fe5ed8cdd9f20bdc14
GuLoader
1cd2e3b696656354859e0ffdb5bca866fadf42f59c9e2da1c228e0b52fa5f368
GuLoader
443bc33e9d28fddd4229367cde23085b8d57549093ce8e991eb4753ce58c85fe
GuLoader
76539c09f989d3cc938d6984f9ee8b6680fe2416822d63bf53a1712aaf9b695f
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
c5aa2a24607b845bd3fa1f856a072061ef62831a5dc138eba9e8199c3cc10696
GuLoader
dda25996ab5b78fa63ab71aa304360374fe2eb6ded670c778b2c69d9fa1f1e40
GuLoader
e3bbab3b78373c6545395824227850d304764369dd339283500bd34f80cb949e
GuLoader
ef8f03a25087eeab581d8439a0a19ba7148270d2210d479c1d6867fac69dc813
GuLoader
+ 149 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe a49855a8a95f24d6ee35f5853e894f13be32bcc91bb076811feb3943f14bce6d

(this sample)

  
Delivery method
Distributed via e-mail attachment

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaLateMemCallLd

Comments