MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 be45d144f539c0ef3ce8329cebcc9e26167f293bec1a9e82f5e7294a6fc17c5f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: be45d144f539c0ef3ce8329cebcc9e26167f293bec1a9e82f5e7294a6fc17c5f
SHA3-384 hash: be7c2aa61662486bbf30f472f179ba07a0222a1def6e0a4f81da9a39102354284eeec35726b8a2c66c48f5c02208b5ee
SHA1 hash: 21cf4ed0eda7985552033f9296039365ef77cb23
MD5 hash: f5f8aa2337a6b7b3689c7e2ccb175a6e
humanhash: mississippi-uncle-monkey-yankee
File name:Intldvigmefzc21.04.2020_Copy.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:212'992 bytes
First seen:2020-04-22 14:07:44 UTC
Last seen:2020-04-22 15:10:32 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 386ce16fd8538b779e2d027c2554d13b (1 x GuLoader)
ssdeep 3072:EYHqKRBOp3IL4GRTa8K7ADOg0FcbR57mr:Pm3ILPS6bR5
Threatray 167 similar samples on MalwareBazaar
TLSH FA24F651B970E4A3C72446312FEEDB7DC2183EE1C9E1C91F2490375AEE7269651A223F
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
96
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Remcos-7684279-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-04-21 23:07:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xzc5crhvhhao6phigkooxte6eylh6kj35qnj5axv44uuu36bprpq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0282b710d24b3d098017e3231c93e1b46bf8586a6e0cc83ec76f2a1d710c6813
GuLoader
06e0e3da562a627b84f328a76d70b62326e2b5a82fd28bf943b6d3dfd1f26cb7
GuLoader
07bea1f0f5a11fdada688ba215ee670c1a77d2f05b0e1125edaee37e66a0819c
GuLoader
37dd9ac0253be5eb6036877963ff457db90932e34d9bbd2c18852bf8bfd873c2
GuLoader
9c5315409c9ccb1e74195e244a17531781b973f9f489743602c18aaf5a22e7fb
GuLoader
a574b201fa1b1b05d857cff48993efd19a3f700c55d6a7ea8ea9a1da30becb62
GuLoader
a6009a6b0724811f3bb71fc6f0c6b3b1aad71448948175949c7eb8af82034e91
GuLoader
a63dfd81e0eb6283bc0051a3c1f80ba0eb818d132aafe5e6a1cc3cd63a3433ff
GuLoader
c224d671ef8ea5bfdc03b9a33d7ae043827b83c2ddc96e7ce128efb36f26fb9e
GuLoader
fa905ffdb00ec8867a003c49ebfa43f6ff96b890c40b3fe31b0fc40bb344ded0
GuLoader
+ 157 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments