MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bdde3710c5191125b83c55f75ccad13dcc2b210c8d1100929ba8c68a13e4fbe6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bdde3710c5191125b83c55f75ccad13dcc2b210c8d1100929ba8c68a13e4fbe6
SHA3-384 hash: 245d2c7956bbc4ae030b10463420e94aa018396e40fafd2fe51f9c0ef8a4b1842992cb41d6c78a859b03e1cea8479ed9
SHA1 hash: 4da9cfdb2995e414d64d79beaa9f7f5f0da4ba1e
MD5 hash: ed94abc07656bdede602622077bff31c
humanhash: paris-helium-shade-muppet
File name:bdde3710c5191125b83c55f75ccad13dcc2b210c8d1100929ba8c68a13e4fbe6.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:73'728 bytes
First seen:2020-04-28 18:53:31 UTC
Last seen:2020-04-28 19:55:17 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash cf64a2649541428bc87e29fb4a42e2df (1 x GuLoader)
ssdeep 768:BMTfT5SxVkQJ+VlZhQDGHLetDEliNaWDccjMqvwfjc3rpqW9CBBK6aBMT:4r8xhkVHhSGHZYNvwcjlvuc3006N
Threatray 447 similar samples on MalwareBazaar
TLSH 98739F95B2ABE831C12249FA2979D078547DBD31181BCE4378483FBB18B5B9BA513337
Reporter JoulK
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
91
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Fareit-FSWED94ABC07656.4152.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-04-28 19:35:32 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
21 of 31 (67.74%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xxpdoegfdeislob4kx3vzswrhxgcwiimruiqbeu3vddiue7e7pta._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
3c2cfd02b721368fdfba96b0dccb850e6af1afd0610103563cb7a1967c9b9905
GuLoader
40c27e805186cc26240cbf37d1d2809412c42e2a3610fdff32cf5b8ce35459e2
GuLoader
6b24ebfb84665cb844410ec9f948cfcf7f6d08f4ede16d52930c53236390848f
GuLoader
7f757770f2049c23624a483feb6e9331693ded0dafb9c636f96fe6b9307a704c
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
b4b7f0fd63cda1269ee937fa398fb80b6655d205066e6593fefceda7e3b09f6b
GuLoader
bb6af15e47e6514cf1bd873c88a71c4e6c91a1920e7b3badedcac30fa5e93f9c
GuLoader
d4f504a85af7c8661492ea1a331220b4101db3e91a56fa0855dbedc0b9a9c1a3
GuLoader
e77e27630277a31276539c379671f54095d6b735f0568a3c457ac6a189c4c5b4
GuLoader
f6cddc2f46ec3e8dc95b6fe42c6f30745bf0e7d3e9788c35a96199c82fc04f66
GuLoader
+ 437 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaFileOpen

Comments