MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b6e65205eb258b1860e98244e346de97593618177b6da2db887f2d345be02b28. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	b6e65205eb258b1860e98244e346de97593618177b6da2db887f2d345be02b28
SHA3-384 hash:	252fa78127bc9432e6ca368ad47af8cc939f13f5933486c46b13f80e5b4145f0aa247560509ce9f97c59ce90b8d36686
SHA1 hash:	dcc58e6e6151eb7979f9368a4bed55d8715497f7
MD5 hash:	36391b105ffcac24e412a2c63684854d
humanhash:	harry-oklahoma-avocado-green
File name:	NEW ORDER.bat
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	77'824 bytes
First seen:	2020-03-19 13:36:16 UTC
Last seen:	2020-03-19 15:48:10 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	85d3de44dd3da2c69b3471a5ea9dcf59 (1 x GuLoader)
ssdeep	768:rt00RF5ceFQ88GEaTdKd7wsrBNumehm+mYrB80bsL4f9yaIM4HxvFJ:rt0GrJexGEw4dkKPX+mUdsL4pdEjJ
Threatray	1'202 similar samples on MalwareBazaar
TLSH	22738D42FB80D425D849CB3DAC8BD2E01157BC586A92D59B36D47B0F6CF00E18F5AF59
Reporter	cocaman
Tags:	bat GuLoader

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.42863447.28785.18957.UNOFFICIAL

Win.Trojan.VBGeneric-7639471-0

Win.Trojan.Vebzenpak-7639494-0

Win.Trojan.Generic-7640133-0

Win.Trojan.Vebzenpak-7640209-0

Win.Trojan.Vebzenpak-7699953-0

Gathering data

Threat name:

Win32.Trojan.Injector

Status:

Malicious

First seen:

2020-03-19 21:26:00 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

26 of 30 (86.67%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=w3tfebplewfrqyhjqjcogrw6s5mtmgaxpnw2fw4ip4wtiw7afmua._file

Verdict:

malicious

Label(s):

guloader

GuLoader

1dd6f607717de939a61667dd9db86d4d0cf7a90f884af5fac81d35982d36c53c

GuLoader

207465ded4b4538b319e22188fdcfe0f42480386e77be00582192b58dcd7e0ac

GuLoader

8914aa5433f7284881402dc27336d96baa74c6e7ce16f28531bb917c1dfa3e0f

GuLoader

a6287780595058f07192b68b63c9a109ea7bb6222c58e29e00dbc5acad363a6a

GuLoader

b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f

GuLoader

b52960b7ce7ae8c007c59626859816296471b7810036baaa7b7b86c2cd6d6218

GuLoader

ccaedac7e0d5d4a655d37d59fb12bfb920785e9c8d0b811dc6ab88d3e1ca6ea0

GuLoader

e4bffaffaa1de9c8d8fcd49caf92c585277145c9a1d15f5d7a60e20ed1334e22

GuLoader

eaf0b4e39ae638cad739fcba10d65e7807cf270ed6cfd650ade939af4d489088

GuLoader

+ 1'192 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/b6e65205eb258b1860e98244e346de97593618177b6da2db887f2d345be02b28

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 8b9d5f8782d3432c3ec300c461eb146daa7db5ceb397bec7e88b356537112b75

GuLoader

exe b6e65205eb258b1860e98244e346de97593618177b6da2db887f2d345be02b28

(this sample)

Delivery method

Other

Dropped by

SHA256 8b9d5f8782d3432c3ec300c461eb146daa7db5ceb397bec7e88b356537112b75

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
VB_API	Legacy Visual Basic API used	MSVBVM60.DLL::EVENT_SINK_AddRef

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample