MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bcc7af2de70a30482b2b1b282579faf215fed0f5f9e9f9c060f81d720845df3c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bcc7af2de70a30482b2b1b282579faf215fed0f5f9e9f9c060f81d720845df3c
SHA3-384 hash: 21e51473ec85fd7077dae595027d40fed8e43bad2ef43339c09d9ff5dd70911441d605f610e9bacdf31b0b6752aaad63
SHA1 hash: 75895bbdb57914bb2bc18153d75eabfc9c936bdf
MD5 hash: f245d7dce1e9a3c4193ab8ce2c4a0044
humanhash: juliet-island-uniform-happy
File name:remittance.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-05-01 18:26:16 UTC
Last seen:2020-05-04 13:44:56 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 6fdf83973c93ad3242808a05151001b8 (1 x GuLoader)
ssdeep 768:znvm5J/gSPJd2EPoIVx71jaFKm7GYTykO597n+N+b64M0Xsrmwdy:znvYJAEzf7pa57Sn+N+b64FXh
Threatray 108 similar samples on MalwareBazaar
TLSH B893E8497ED8F1F3D6690AF21B1A89A405C57D3A29225F03778CB62EDA35AD1DC10F23
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
3
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.ProtectSharewar-2
Create hunting rule

PUA.Win.Packer.ProtectSharewar-3
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-05-01 09:53:39 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xtd26lphbiyeqkzldmuck6p26ik75uhv7hu7tqda7aoxeccf346a._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0b2c23184d7575924ccd5208513a561aa8a98461b6d558aa9bd12c7d488ce430
GuLoader
1f93e9ec506b2df6670b01905f5c42e05d7c2b4dbf44e37d82ee8050528d961d
GuLoader
3827270781e1757ffa4f6c953bba112cdd1afd673e26f639023bcaeb1cae94a0
GuLoader
40329aa70c46a8447073674eefc1bdcb43103f359e57c6d62b30ba947e67ec60
GuLoader
631a30f2f8d182709534c3ab4aa1d531df4147997258ab7c7f819ae51f3e5e2d
GuLoader
6b03cfee0a25254f46bb2c3138ece41f2c0255a70141e3f457389e07120a153c
GuLoader
7ab96517f6852c124c82edf441496b2f005b11a4d1feb92f9cbfa2a2bffd1acb
GuLoader
8077b9d3b809c1b66793e7292d7afdb401efa60fe9be607bb48a30bcf005af06
GuLoader
aada59d2334345770be8c2392e761b1f8361844ccd64852a0aac3b79ba7d88bf
GuLoader
f5b55fe9b33435e6a2053e16b843b5e89f3f4f3c8dfaf778386f2896b5ec4b7d
GuLoader
+ 98 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaLateMemCallLd

Comments