MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c61ff47c382b7819f475a74693395a56e30741d2d126d0e7212d1ffc42814d57. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: c61ff47c382b7819f475a74693395a56e30741d2d126d0e7212d1ffc42814d57
SHA3-384 hash: 1b59b3d8563fee5a665dead78d909d51822f33c9b7689e7d249c6cd16c273d647cabc0d253ee1df01747a97d3573138d
SHA1 hash: 448085ed2107a090de66e6534c9cb4fa4f7e99e8
MD5 hash: 4943f541997b693c4159d62c12c8c88f
humanhash: cat-single-quiet-early
File name: Order Comfirmation.exe
Signature: GuLoader
File size: 188'416 bytes
First seen: 2020-04-21 04:11:51 UTC
Last seen: 2020-04-21 06:38:24 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: fffdac6e5ad25227a07f4c190be23999 (1 x GuLoader)
ssdeep: 1536:FtIq5NBBE451U6bKqI2ja5DTcEB9Lmpb6kcq/tIlkGH:fl5N3Q6mEClFK6SVG
Threatray: 64 similar samples on MalwareBazaar
TLSH: B1042B227EB0E072D11106742EEEC3BED2147DE5D8E8488F6584BB1FAFB15D2246529F
Reporter: jarumlus
Tags: AgentTesla GuLoader

Intelligence


File Origin
# of uploads: 3
# of downloads: 89
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Dynamer
Status: Malicious
First seen: 2020-04-20 16:09:21 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 25 of 31 (80.65%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

ID                 | Title                                                    | Severity
CHECK_AUTHENTICODE | Missing Authenticode                                     | high
CHECK_NX           | Missing Non-Executable Memory Protection                 | critical
CHECK_PIE          | Missing Position-Independent Executable (PIE) Protection | high
Reviews

ID     | Capabilities                  | Evidence
VB_API | Legacy Visual Basic API used  | MSVBVM60.DLL::__vbaObjSetAddref, MSVBVM60.DLL::EVENT_SINK_AddRef

Comments