MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c76654971c4af60511d3583a3bd00c673904569aa93973687e14e95b9e80de6f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c76654971c4af60511d3583a3bd00c673904569aa93973687e14e95b9e80de6f
SHA3-384 hash: b5bd01bd791035ce01e45bede8a5b3161a9621849a27207ce393ec13c28228a267d09fb8188ceeebfcddba8253bdabe7
SHA1 hash: 32b432821554aec07a5f6bb3c4f52d7ccd59011c
MD5 hash: c55fb75a7de843fb950bfc093b43ee6e
humanhash: sink-cardinal-lion-lemon
File name:SecuriteInfo.com.Gen.NN.ZevbaF.34100.hm0@aGW4zfpi.22167
Download: download sample
Signature GuLoader
Create hunting rule
File size:118'784 bytes
First seen:2020-03-24 02:06:06 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a8d027f9614a8fe331467b0ea7e1a1fe (1 x GuLoader)
ssdeep 768:31JFILYX/9W2pbptkB/M/HIcOeaFXf5EGqPqu7XKEgMvv0cXcZlHEoRFNHsm:31ILmD2SqFx9qPqMXtgMH0VwoH95
Threatray 852 similar samples on MalwareBazaar
TLSH 58C36B32F594D465C4862E7C4D89C2F40271ED225E29C6C77E04FFAE7AF9683D918B60
Reporter SecuriteInfoCom
Tags:GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Gen.NN.ZevbaF.34100.hm0@aGW4zfpi.22167.UNOFFICIAL
Create hunting rule

Win.Dropper.Agent-7725907-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-03-23 23:33:06 UTC
AV detection:
24 of 30 (80.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=y5tfjfy4jl3akeotla5dxuamm44qivu2ve4xg2d6ctuvxhua3zxq._file
Verdict:
malicious
Label(s):
netwirerc
Create hunting rule
guloader
Create hunting rule
Similar samples:
032624661ba64ab1c3ca40a7a47b3635ee6b6a3442ca6bfb7a41a4a8de7b0fb5
GuLoader
27d318fe5d1d8f02c39b6b82690e4be83eeb3f357618cbabd7d808a23924b277
GuLoader
2bd30faef9e89799bc33f076afc8f3521bc84018c8e27829e8f475ee1c8dc13b
GuLoader
3df464cdb09ec8aed7589b31541a291c9b921f49b2cc97aa34d363161366db8a
GuLoader
4fb3528f5fc1a30b03cf69920e1db68cd4943c1c303a09cac0723a10abfcc378
GuLoader
5cd5f57afb04ba3ce4e5aaee5a7fa7d10b24a334e30911a49a4cc4cb52982848
GuLoader
65bd5f3bc433f60bfc5ea392aaa33539592d657cbe2d316b25b24c9e12c225cc
GuLoader
844fb0d61ff2be56043914797b2e0123e111f616bbd743e3ecfee5c340651146
GuLoader
a07051295b50dfe762f42e922f6815e4554ae1b392da5810b88893cb91ac3b7e
GuLoader
d23143c08dadac0a9421456456e6b86934fcde6833dedd9461a9b1ec111e1931
GuLoader
+ 842 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe c76654971c4af60511d3583a3bd00c673904569aa93973687e14e95b9e80de6f

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/328893/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments