MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b4c98180c88d1c3aeea6d37b0642d5fa3a9d282b417615a7f3c8cda80389ae64. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b4c98180c88d1c3aeea6d37b0642d5fa3a9d282b417615a7f3c8cda80389ae64
SHA3-384 hash: 3501db9eceb7e2315e2000895abd48e4cec508f914f60f7cdaaa88be6fa2571dd4d146ed96dcf203b7e1a923455c3d8d
SHA1 hash: f053a3c759327b1d0870ba0673519f0bdb088800
MD5 hash: 5e435fdd5deeef4c6170be8dbfe74cba
humanhash: carbon-minnesota-carolina-california
File name:SecuriteInfo.com.Trojan.Siggen9.22011.28529.336
Download: download sample
Signature GuLoader
Create hunting rule
File size:73'728 bytes
First seen:2020-03-18 20:46:16 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a1067634344eb9a688c9676f80cca4a2 (1 x GuLoader)
ssdeep 1536:03kiQKIulKTeSSTVio/NPZ01/FXKIulKTeSSTVM:NiQXMEeSSxio/VZY/FXXMEeSSxM
Threatray 4'832 similar samples on MalwareBazaar
TLSH 67737CF2E153C572EA9DDEFC40A709185730597AB9A01D07E27AE5881CFEE9134B072B
Reporter SecuriteInfoCom
Tags:GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.22011.28529.336.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-03-18 12:11:33 UTC
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=wteydagiruodv3vg2n5qmqwv7i5j2kblif3blj7tzdg2qa4jvzsa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
27faaaca4acb955010d7b8c16764a536c04149f2d332f99668d6ff6f292bfc20
GuLoader
4dac6edef78dafb90df3fd12392f3476743ec38556aa72d364c913cb7f866ec3
GuLoader
5ea463243b051351c219469515fb9b39d01c5c3c4f4698bd6164e36070622d35
GuLoader
8842ac3497c777517b2f18152eabaa0994a460d249773a5e89a4e16bca2bd741
GuLoader
a7cfc6a8e508a244063a4190921f1c91e30712838282fb20b8bcdb24b138bb9e
GuLoader
b24a5df4c63722afbed1e3807b18fcc065008ec3431de146dbf3657dffa00893
GuLoader
c99fc7455ba8df7d54e74b20d4a3db4ef2e29bd73309119a24cc46f28122697e
GuLoader
ceec91127018aba0be51981277015baf08e3f0ef6fbd0a5efe5821fa698ba645
GuLoader
d1e9ede488849faab5eb3e767704a4644cc79e6eaac8fe996d90fa164e68f620
GuLoader
e45490584a68e394f6714a78c96988adc241fd3acd783337bd66f26117535454
GuLoader
+ 4'822 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b4c98180c88d1c3aeea6d37b0642d5fa3a9d282b417615a7f3c8cda80389ae64

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe b4c98180c88d1c3aeea6d37b0642d5fa3a9d282b417615a7f3c8cda80389ae64

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/326499/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments