MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c5f668176f1cc10b8351eaf2813cf2b2c07f5233eb39b319ef99afbf4179dd33. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c5f668176f1cc10b8351eaf2813cf2b2c07f5233eb39b319ef99afbf4179dd33
SHA3-384 hash: bd225faa49d510cbbe1daf0ddc58f4193a6b26ce7bd8ef4a39eea81663c74ed207ef7aa3a4635b1b8751651ad80848ae
SHA1 hash: ac683753a07462c7b181e6cecb9c1bd2529db34a
MD5 hash: 364467266759868bd422dd4ab476d3e7
humanhash: william-earth-oranges-pizza
File name:Ref 0180066743.pdf.bat
Download: download sample
Signature GuLoader
Create hunting rule
File size:204'800 bytes
First seen:2020-04-22 16:41:34 UTC
Last seen:2020-04-23 08:49:48 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f1fe2321e9c83d481539414a778a7d38 (1 x GuLoader)
ssdeep 3072:YykCdoq2BEzR70m44kr2VhgTc/KVzpOTH:Iq2BK0OaVzpM
Threatray 257 similar samples on MalwareBazaar
TLSH 5E14F8517E70E562D2104A322EE5C3B9C2547DE6C9E5C74F2440776EFEB22D228A1B2F
Reporter cocaman
Tags:bat GuLoader

Intelligence

File Origin
# of uploads :
3
# of downloads :
94
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Agent.EPPZ.21874.13983.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Malrep
Create hunting rule
Status:
Malicious
First seen:
2020-04-22 17:32:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=yx3gqf3pdtaqxa2r5lzicphswlah6urt5m43ggpptgx36qlz3uzq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
035cca1ee500852ef7fda67e60c373ed2a57756c5fefa60ba7a05aae5b9021ab
GuLoader
350b35550e10e3ed50b1337e8899ab2eb9c9cbae7c077027f52bab3c5266bb84
GuLoader
5b9ba311bf0eebf151a0146d7e43c40e2b98929a07dcffc6f286e21558487a4e
GuLoader
5ff77cfc952a63f6c75709db72ca3ddd2b362bf416bb454957f3b8bfdbaafd50
GuLoader
67aa5b86db90b286266d57324824825453a9db72b15414ee064dbf01085d00b4
GuLoader
abb556afbfe3d5af87a2eea4a20e036896db78bfc4b30b7fa8cba8db866d364f
GuLoader
be45d144f539c0ef3ce8329cebcc9e26167f293bec1a9e82f5e7294a6fc17c5f
GuLoader
dea51f7f074a8d9b0e30626e11ca4a79de602da24ba64d0222ee1162a5fbb5ba
GuLoader
f1e6db23f71358086c0a6d54602989535e6c25309d92af9f0db056d4a372fe8e
GuLoader
f2f28583a4690e1bc531879d34c4eeeeab62a88ec34e204b77428a640c0d00fa
GuLoader
+ 247 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

gz 7c1cfe3e68d6f815adedfc47ba2731ea59e54c75772e3b7f00ff6fc459003c4b

GuLoader

Executable exe c5f668176f1cc10b8351eaf2813cf2b2c07f5233eb39b319ef99afbf4179dd33

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 7c1cfe3e68d6f815adedfc47ba2731ea59e54c75772e3b7f00ff6fc459003c4b

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments