MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b4faad2ab96b7348202784c23e871c07a7e5cc2ff7f0d83037cb26954f1bb8e3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	b4faad2ab96b7348202784c23e871c07a7e5cc2ff7f0d83037cb26954f1bb8e3
SHA3-384 hash:	5d76f8eeddd01ba8627c60050e9b81fb61cd66d2d631bb500da52f69c1d21de95d067fc543c61646890a0f22e9c47bbf
SHA1 hash:	379002092e36ff016663434a31d2749bc8c3dc50
MD5 hash:	f00ce1a5987f41af59f56f5b9f011ce4
humanhash:	cardinal-twenty-foxtrot-equal
File name:	Invoice.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	73'728 bytes
First seen:	2020-03-17 09:42:01 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	c2cfc7a99cf71098b892c943acce691e (1 x GuLoader)
ssdeep	1536:lZqtBzdRXvhz7KI0ryirQs+p+4+puAez7KI0ryiTLyRbW:Ot1//97KI0ryiMB0lw/7KI0ryiTaa
Threatray	1'175 similar samples on MalwareBazaar
TLSH	D6738DD5A6CEC57DC4679BB400CA539B2FFB4534C7E1045B28B3460429AEF0A1EE6376
Reporter	cocaman
Tags:	exe GuLoader

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.PWS.Siggen2.45047.10817.11362.UNOFFICIAL

Gathering data

Threat name:

Win32.Infostealer.PonyStealer

Status:

Malicious

First seen:

2020-03-17 18:01:44 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

24 of 29 (82.76%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=wt5k2kvznnzuqibhqtbd5by4a6t6ltbp67ynqmbxzmtjkty3xdrq._file

Verdict:

malicious

Label(s):

guloader

GuLoader

7f75534af5e989dd99a02227f555d7fdb4b57396b2eb8fb02eb71623b857395e

GuLoader

988b22396032c7352be36c70d738091e7df261013cb1161194e8dc416fd15fe3

GuLoader

9a71512b2f6878daa9df333705736af7c3a7e0c3a5327f4d245ac2c5eb0c7d5a

GuLoader

b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f

GuLoader

b97f89957de59d3a218ed617e6acb9136e3279f9dec3f864ec32d9b29b77ec6e

GuLoader

baeafce74cc8a5c40bd2b6ba2e38312834e48f23f655cfae1d1ae8e78e375b84

GuLoader

d7f4b62e461376eae0f1665b68d315866b292b7ad2818c48fafb5c3102b76dc0

GuLoader

e654d1c784c371f9dfc855685f6cde32d4e18807678594291783c62dabc44f98

GuLoader

fea3940f656c82bb8ed4668c67b6be0ecd1b72fc6d6ea52199c365ec03212a31

GuLoader

+ 1'165 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/b4faad2ab96b7348202784c23e871c07a7e5cc2ff7f0d83037cb26954f1bb8e3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 9ced0f9d7f87be318819f247ad8dfa5add123f60f5b3cf72736af44165d073f1

GuLoader

exe b4faad2ab96b7348202784c23e871c07a7e5cc2ff7f0d83037cb26954f1bb8e3

(this sample)

Delivery method

Other

Dropped by

SHA256 9ced0f9d7f87be318819f247ad8dfa5add123f60f5b3cf72736af44165d073f1

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
VB_API	Legacy Visual Basic API used	MSVBVM60.DLL::EVENT_SINK_AddRef

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample