MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b1dea0e5769512552ec2d4ab63dc3a7377d7409e4651c15635dd64878f022e99. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b1dea0e5769512552ec2d4ab63dc3a7377d7409e4651c15635dd64878f022e99
SHA3-384 hash: 4acdafb6e42860606c0bf2d813497958fee5e8c80344155edb5521da0a4ae61684c4e5a6c54f5ce8594c7ffcd182f8f6
SHA1 hash: 19420baa209e6701317dfc6042e742e2f623255f
MD5 hash: aaf4f0b323ea33e915932fe0ce3e238a
humanhash: missouri-ink-zebra-delaware
File name:SecuriteInfo.com.Win32.Injector.ELQS.2176
Download: download sample
Signature GuLoader
Create hunting rule
File size:86'016 bytes
First seen:2020-04-28 15:55:42 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 965ac96787cf85955888f8a9a62bd475 (2 x GuLoader)
ssdeep 1536:AQCXi+MzzE7NAJiIh+A0sZFP/MXpO4sBP0idIHuB:IXMzzY0DZFXMXkDBPvIa
Threatray 808 similar samples on MalwareBazaar
TLSH 24833912B5A8C031D56C4AF30E1997D8419DFC740E51CE0B3989BF6D9B7291B96223AF
Reporter SecuriteInfoCom
Tags:GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Fareit-7740078-0
Create hunting rule

Win.Trojan.Vebzenpak-7740146-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-28 12:15:16 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=whpkbzlwsujfklwc2svwhxb2on35oqe6izi4cvrv3vsipdycf2mq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0ec3c68f6fa845bcc40ea35365aa204f7e8bdf8010ea20dec2e3ea3f46838e02
GuLoader
2ed2a56967e7cb3e18b8b2cb910b9e6d356a52a9b65a05309c36ec62fa09773c
GuLoader
3667b7518f2634bfd589f12fe1fd6e7ec1701030529dd3ece0b04705e76e5e06
GuLoader
37a3468d527e22a4cdd0c1e8717a5bca60db2cd8aaace1a4d25b65eeccd8079c
GuLoader
40c27e805186cc26240cbf37d1d2809412c42e2a3610fdff32cf5b8ce35459e2
GuLoader
bbb38a432f7eff2a12b72c3ed853e937fbf5d7b9bd23b9f8ab61beb6bd594c10
GuLoader
c688c6b0f5bd44c8d37e810000892ce8d0e2225f1dd04a92d454fd60c7cdc779
GuLoader
ccfc389f6dd3e6d9974b6cd4bb2a2efa5eb060f48e784aabd21a723cb58ff063
GuLoader
d1148a8f019b2b901f2c089bd7e77eb55c61efa5d6cbfb65e4fa1868476c9dfe
GuLoader
da52dddf3fb5de8859dd962bc96eeb267fc4e723682c3defec35672be1441e5e
GuLoader
+ 798 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe b1dea0e5769512552ec2d4ab63dc3a7377d7409e4651c15635dd64878f022e99

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/353096/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef

Comments