MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aa3420190b3e22959cfb4715307027404fe5cb492faf5546189a20b82b9e4e37. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: aa3420190b3e22959cfb4715307027404fe5cb492faf5546189a20b82b9e4e37
SHA3-384 hash: cf8feb8fc9328c7e1ab670f332eaf51927334cdeed81466a442eb25a3db8f674f34cce319174e14a74e5651e90b99011
SHA1 hash: 5751fda55949459be0cecef6afa113ed56a9c966
MD5 hash: 4384f349314757b8280e636513479823
humanhash: charlie-batman-robin-summer
File name: New Purchase Order.exe
Signature: GuLoader
File size: 102'400 bytes
First seen: 2020-03-30 12:43:47 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 7ac3403931d95ddf572028d64f77d9c1 (1 x GuLoader)
ssdeep: 1536:qNEL/4mrHxpz/g4lR0o1bcaeMFWTkMaWXS:ajmjxd7R0m7N
Threatray: 1'123 similar samples on MalwareBazaar
TLSH: 42A3D512FD00BD94E1284EF58B718B9C23527E266A05BD43348C3EDE7AF52687152E9F
Reporter: James_inthe_box
Tags: exe GuLoader

Intelligence


File Origin
# of uploads: 1
# of downloads: 83
Origin country: n/a
Vendor Threat Intelligence
Gathering data
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-03-30 07:07:24 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 26 of 31 (83.87%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

GuLoader

Executable exe aa3420190b3e22959cfb4715307027404fe5cb492faf5546189a20b82b9e4e37 (this sample)

Delivery method: Other

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

| ID | Title | Severity |
|---|---|---|
| CHECK_AUTHENTICODE | Missing Authenticode | high |
| CHECK_NX | Missing Non-Executable Memory Protection | critical |
| CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high |

Reviews

| ID | Capabilities | Evidence |
|---|---|---|
| VB_API | Legacy Visual Basic API used | MSVBVM60.DLL::__vbaObjSetAddref; MSVBVM60.DLL::EVENT_SINK_AddRef |
