MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b0e40f83154bce1343f616094c5c67fb9991f06aa7a0fb1915f952e40c3d1bba. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b0e40f83154bce1343f616094c5c67fb9991f06aa7a0fb1915f952e40c3d1bba
SHA3-384 hash: ca79c5f61a6ce661e358ace9817bc053a15384fa3c06588a2601f7956ffbb4f5d8745b9428cac94a6b7d1734e81fd2dc
SHA1 hash: 7c2c3fe1b56f19376aca59d0cc44fe4614ec4f65
MD5 hash: 15f0a22c06c2be78c39e1917e2e798ca
humanhash: hawaii-chicken-lemon-skylark
File name:PO.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:122'880 bytes
First seen:2020-03-18 16:46:46 UTC
Last seen:2020-03-18 18:34:14 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 9c380eee3c2bb684d1e03e5912394ad6 (1 x GuLoader)
ssdeep 1536:qurIK51KOzsoK+dtPVpiudZNeLXWB/LnT0MWkbT3y+:3JEL4Xk6Zv3WO3y+
Threatray 725 similar samples on MalwareBazaar
TLSH 64C38E42FB50D977D5088A3FAC07D292090BFC5926D6D54B39947B2FB8F45A28F1E710
Reporter cocaman
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Agensla-7639840-0
Create hunting rule

Win.Malware.Vebzenpak-7639843-0
Create hunting rule

Win.Malware.Vebzenpak-7639845-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-03-18 19:38:29 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 30 (80.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=wdsa7ayvjphbgq7wcyeuyxdh7omzd4dku6qpwgiv7fjoidb5do5a._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
045a0ca823585d73272d70c8b35e6a91c0fcbe5221a088f48db5e613a67be2a5
GuLoader
10481c8ab9d363251e4d1aab4805df6d245621a5f10302fe5ed8cdd9f20bdc14
GuLoader
1cd2e3b696656354859e0ffdb5bca866fadf42f59c9e2da1c228e0b52fa5f368
GuLoader
443bc33e9d28fddd4229367cde23085b8d57549093ce8e991eb4753ce58c85fe
GuLoader
63b618d089d36a9be597c7492ff172178bab27004785a3d53f530ffcb67102b3
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
b2ad4bb1d6523d5541609a20280c7858ee9dbf33a206146082de81826efc8927
GuLoader
dda25996ab5b78fa63ab71aa304360374fe2eb6ded670c778b2c69d9fa1f1e40
GuLoader
e187821f898ec00b0e007b899046c51fe7f950ae2e44ebf60bcfe83dd1e04530
GuLoader
ef8f03a25087eeab581d8439a0a19ba7148270d2210d479c1d6867fac69dc813
GuLoader
+ 715 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b0e40f83154bce1343f616094c5c67fb9991f06aa7a0fb1915f952e40c3d1bba

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar f620cc4cb48837403f15ef21d929deae00fe2545429d06c850546ae82cf7dec2

GuLoader

Executable exe b0e40f83154bce1343f616094c5c67fb9991f06aa7a0fb1915f952e40c3d1bba

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 f620cc4cb48837403f15ef21d929deae00fe2545429d06c850546ae82cf7dec2

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments