MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c3bc66d18946ecf4e0be034df58f5fdc4e7c78210c93a6b4c0a197288a976f0b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c3bc66d18946ecf4e0be034df58f5fdc4e7c78210c93a6b4c0a197288a976f0b
SHA3-384 hash: 0e0d93d9b38de5b0d678b14c494a55a12819c2fa1e6b72bdcb8ba14e3438d23be22d9e33f096f50f91aeaac140c002f5
SHA1 hash: 9f73f323e6d9fb4d3d40e32c90b57f35e5d1ab9b
MD5 hash: 48463eb8b5ff3aa0b0d6014d28f15e80
humanhash: carbon-utah-undress-oregon
File name:QUOTE 002242020.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-04-29 19:05:09 UTC
Last seen:2020-05-02 07:49:30 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a33efd12cc308a2b01992946697c0d45 (1 x GuLoader)
ssdeep 384:SF1J4ffYMHC7WPz0f7S0cl4ND+O4Eq6iouTmRtKvP7rL9Sqt:E1mi71Wvlwiy7vRI7rL9j
Threatray 542 similar samples on MalwareBazaar
TLSH E7733C96B5D8E0B3D1924AB20F54FAF80A927D740C02CD03324E3B1D5A7BF15A9757A7
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
11
# of downloads :
107
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.Razy.654246.13110.12884.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-29 09:22:20 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 30 (80.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=yo6gnumji3wpjyf6ang7ld273rhhy6bbbsj2nngauglsrcuxn4fq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1523161db16fc567363e0ea7254b23144544a816dc31030a3a26b9f6efbfc34d
GuLoader
1794a70ea1648e95eb6c74976b5d9e88e1464328b339da71e3cd864e20838d5e
GuLoader
3310955f18335677243f9ce26cfb7c8129e1b74842eb1d87af6aa6004a5e3f1a
GuLoader
3446c44f768ea83d31f4f27788b294f5a45898023daaf299f7dcb8c8cbba472a
GuLoader
61d90a7cf82c0dcc1892fac3a5df6eae0407e2f4e0221af5d0f4223021024274
GuLoader
65131044759196e12700fd7ee31168c84bdf760ef3a8f421f49fe39ad5177e86
GuLoader
79b43a2463e2a406adba5e01b2c0cc5d58ce6989532e34e353cda8672dddbd4f
GuLoader
bb22a0c4a604064f5bad7484b31e06d0dc31f7ce01f26a5cceb78d71ea259daf
GuLoader
bbd8d503832b7b2b22c6892fc0d3047b022c67c81cc1226a89f33f9ac38795dc
GuLoader
d0daced4c604ca477c9f6f7c0e6fb80dfa9cabdb8a93ef7464a2b5ea066d171e
GuLoader
+ 532 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaLateMemCallLd

Comments