MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c9f5530468fde1d7a198bc7dd5a43c390b234f10649dcdbdc25890c0563d4691. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 5



SHA256 hash: c9f5530468fde1d7a198bc7dd5a43c390b234f10649dcdbdc25890c0563d4691
SHA3-384 hash: fa2feb044073a1aef4b43e302ea5802623f0995f1c11af0a5bd8e50d397881278eb5e352cbd9bf5e90a10e90bbc4217b
SHA1 hash: 481c870211a63cad43c0194c7af4c82b01b73b79
MD5 hash: 74a1adf3af7eaba49b91bdb10e4ccfc1
humanhash: six-mirror-zebra-lamp
File name: Company Profile.bat
Signature: GuLoader
File size: 45'056 bytes
First seen: 2020-03-18 16:47:42 UTC
Last seen: 2020-03-18 18:34:12 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 1a6a8b163ad232b4d7c32f51d801c9ea (1 x GuLoader)
ssdeep: 768:uW+668gnYP7w727hhKrAYVAlJD/PHLZc:uWC8gnYmE3KAjc
Threatray: 897 similar samples on MalwareBazaar
TLSH: 43135B2EB938CBC1FCC99D357CD3779C2813ED2E4E129606A5D0BB9E1C3296518DA85C
Reporter: cocaman
Tags: bat, GuLoader

Intelligence


File Origin
# of uploads: 2
# of downloads: 88
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-03-17 00:10:00 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 24 of 30 (80.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
GuLoader
Executable exe c9f5530468fde1d7a198bc7dd5a43c390b234f10649dcdbdc25890c0563d4691 (this sample)

Delivery method: Other

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews
ID | Capabilities | Evidence
VB_API | Legacy Visual Basic API used | MSVBVM60.DLL::EVENT_SINK_AddRef
