MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c59d091df1523f2d8780f22328334ff75da7773d81b7e1074440da4d53e8091f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c59d091df1523f2d8780f22328334ff75da7773d81b7e1074440da4d53e8091f
SHA3-384 hash: 87ad075abfb1b50d18ef54ed69f98b1601cf6ffe05a61cdff07fa67ff4f009b7c9effea4418d7d9adb4769518a6b0d12
SHA1 hash: 8de535dd82dca4a803530c2ffc57fc5251949be9
MD5 hash: d2d339ef53b39b56f30b159fb358b623
humanhash: yellow-lake-hydrogen-emma
File name:samy.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:122'880 bytes
First seen:2020-03-24 17:39:51 UTC
Last seen:2020-03-24 19:49:01 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash bf5aaf0cdf9c5e125e1a77a88678e827 (1 x GuLoader)
ssdeep 768:qLMNwC99zwXczDiSFQitm9qHclTTkoZVVlykAVxJNiYeBpylevl4444444U4A5NV:MMNNXzYSFkRlUoHykKiYeBPNNqCZ
TLSH 82C34926F644E405C8992F3C8DD5D7F81672AC216D20CAC77E42BF9E38F92229D5CB94
Reporter oppimaniac
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Generic-7640346-0
Create hunting rule

Win.Trojan.VBGeneric-7640372-0
Create hunting rule

Win.Malware.Generic-7640419-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-03-24 19:28:37 UTC
AV detection:
25 of 30 (83.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ywoqshprki7s3b4a6irsqm2p65o2o5z5qg36cb2eidne2u7ibepq._file
Verdict:
malicious
Label(s):
pony
Create hunting rule
netwirerc
Create hunting rule
guloader
Create hunting rule
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe c59d091df1523f2d8780f22328334ff75da7773d81b7e1074440da4d53e8091f

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/329311/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments