MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bb22a0c4a604064f5bad7484b31e06d0dc31f7ce01f26a5cceb78d71ea259daf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bb22a0c4a604064f5bad7484b31e06d0dc31f7ce01f26a5cceb78d71ea259daf
SHA3-384 hash: 28b19e5326cd4453e3a26f12272bb86de57627cb97ca15910889fb4129c346a627f38fadbed72b7a8a26e9d042f13ae6
SHA1 hash: 7e22a4251d857689be1106c327d7296b1408e40b
MD5 hash: e6513afafe545e48ce8e5137769df3b3
humanhash: black-louisiana-bakerloo-leopard
File name:new PO 20203946 - confirm order.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-04-30 06:22:15 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 5b32c07ab97a05e0f89917b6a9b05d47 (1 x GuLoader)
ssdeep 768:VgCvP8JawakBxZZHDcIR449zPzoMXzBZ:XUJawdBxbH4GjdPzPzv
Threatray 486 similar samples on MalwareBazaar
TLSH 99734B167964C136E274DBF14B61CFA902567C300D41CD1B744ABB6DAB3EB00DEEE299
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: ns.univ21.net
Sending IP: 211.233.62.61
From: "Induvac B.V - 8017"<p.deijs@induvac.com>
Subject: Our Order PO 20203946
Attachment: new PO 20203946 - confirm order.iso (contains "new PO 20203946 - confirm order.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-29 22:24:44 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xmrkbrfgaqde6w5nosclghqg2dodd56oahzguxgow6gxd2rftwxq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
2b06bef1e11a4116301fd6fe39fee4f1a131cff248ba8e1213335161f51385f9
GuLoader
484b37c91fa9737deb4621d7adaec989419ba06a4e97ae797b7fa6fdbfaf3e67
GuLoader
525e84690c9ed421e2fef9331729469af6d9ec8edbd67f55ccbcaab6b688bd0c
GuLoader
5668f2f784befed20b52f3d30aa3a9ab374b35a1a853d908ff9ac5c82ddea749
GuLoader
632562060da02f7ed5e92b1fe1bd94ce8d993cb134e93f8294beade2f0f42974
GuLoader
94aa044af536864b0126b945a20ca29ccad0f3471d8ee3516c10b065ed49739f
GuLoader
b6815b7c6bd39d114da295e839d472997b073db3d57429aadad20bb73c7b47c2
GuLoader
c7552fe5ed044011aa09aebd5769b2b9f3df0faa8adaab42ef3bfff35f5190aa
GuLoader
da9905dfd7e60f5a61bd23a3820c461bb67d59f5dafea80ee20f838871c9ce83
GuLoader
e43ee2ab62f9dbeb6c3c43c91778308b450f5192c0abb0242bfddb8a65ab883a
GuLoader
+ 476 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

iso 88435d89be3567ee144444d5ccd6fc57b8e0b86dc1ef80189275511d73423067

GuLoader

Executable exe bb22a0c4a604064f5bad7484b31e06d0dc31f7ce01f26a5cceb78d71ea259daf

(this sample)

  
Dropped by
MD5 25a3cd8df4bf0219ec895cfbe831eda5
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 88435d89be3567ee144444d5ccd6fc57b8e0b86dc1ef80189275511d73423067

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaLateMemCallLd

Comments