MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c410f181985c48a013609ed25c046f7e87782ee807e2b8bd0199788a461eec90. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: c410f181985c48a013609ed25c046f7e87782ee807e2b8bd0199788a461eec90
SHA3-384 hash: ddfc9542023a248ae8e7973ba87ca640314813604859e80ddbbd37998d9dffc30069da4215856ca70735149beb7aafc0
SHA1 hash: 37d0d8b539197ba573da68ae4ed5ef12978484a7
MD5 hash: b15d9807d4638a2b06059d96eabec719
humanhash: mexico-lamp-tango-foxtrot
File name: NEW PURCHASE ORDER.exe
Signature: GuLoader
File size: 180'224 bytes
First seen: 2020-04-20 18:55:39 UTC
Last seen: 2020-04-21 04:53:33 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: cabdf82cd269e2e2ba8b013866560090 (1 x GuLoader)
ssdeep: 1536:x7/iY1kmnGJQqrFY2ROGHvGqmUL4mnouzJ8b+HfXuM31jYyW:xCQ4YdG+Q95zJw8uM31jYyW
Threatray: 763 similar samples on MalwareBazaar
TLSH: CF0429617E70E472D02506306DAAC7BEC314BCE1EDE5454F6180BB1FEEB15D229A12AF
Reporter: jarumlus
Tags: GuLoader

Intelligence


File Origin
# of uploads: 4
# of downloads: 91
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Agensla
Status: Malicious
First seen: 2020-04-20 11:46:00 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 25 of 30 (83.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews
ID | Capabilities | Evidence
VB_API | Legacy Visual Basic API used | MSVBVM60.DLL::__vbaObjSetAddref, MSVBVM60.DLL::EVENT_SINK_AddRef

Comments