MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b1d1654f14052fe13960bbde4280f2f1d34e802293dddb47c971ce833bb5bda5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b1d1654f14052fe13960bbde4280f2f1d34e802293dddb47c971ce833bb5bda5
SHA3-384 hash: a3adcb70e8f63b610ba355f4fa8c59611179632ba50017e72d45cafffb74d8dff52ee68e3edeff6f875fc5eb7c2c2f12
SHA1 hash: 130a0916b291901c3d143d8b0bc74d7254734783
MD5 hash: 0c845e2649b99dab087b304876ddf0e5
humanhash: muppet-yellow-victor-india
File name:bright.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:102'400 bytes
First seen:2020-04-07 05:47:41 UTC
Last seen:2020-04-08 14:19:53 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 00b25850633b4030790d9da33806520c (1 x GuLoader)
ssdeep 768:ZQ1n2Twuv4lTynmmxX+KCKC/7qwkY6AO4dX15JD+Xh2i1/1TEiInY:InHuv474X+HHEJAOaX159+XBpErY
Threatray 827 similar samples on MalwareBazaar
TLSH AFA3F752BA60FE51C8404EB18E7ACBEC4435FC34DD45A907BAC63B3E3A7119AB191B17
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
4
# of downloads :
93
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Packed.Noon-7650558-0
Create hunting rule

Win.Malware.Generic-7650850-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-06 13:09:07 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=whiwktyuaux6colaxppefahs6hju5abcspo5wr6johhigo5vxwsq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
50a4a0067a0756996b12da1316f2574a16316d050b675114c8ae60c35e99cf5b
GuLoader
5a37dbecf825521597ec511ae03e854c8000c9b6220db8f10bf18415fa856a90
GuLoader
5c4943289a1959b03d31592b147472be4d31a2637316b7bbe102412082619502
GuLoader
5c86fcf32d1f15a745dd2f39989630ac310d1aee52af7b5f762f75f8855879ab
GuLoader
7c267f393664ccc38c7a4fb521587e77db7fc7e3a157a9ef5c19783f03a67c76
GuLoader
8533f6030709d8f590c3e50dd87edf7cc841d2b4b455e209a7999c0ef1b1d743
GuLoader
9bebd6b8400a02ec36958c8cf06d3abc659b462d482fca3df8a3a64e42b3e234
GuLoader
a6f34907ae34f485e4091ba122886cb32a2cc27856d580fe289c8861d6241f27
GuLoader
c0b3f80b09b6851a3dd4ba2a7bd1ef106779f671b324dd4f490c6dbdb8865ec5
GuLoader
fcce249643f7fe240695fdbc393b54a543fa4a49942b56ad8aad6f219c4f896d
GuLoader
+ 817 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaLateMemCallLd
MSVBVM60.DLL::__vbaErrorOverflow

Comments