MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ca73b141e59412b434f105fef26227cea43190fbf99e7be806f00b9b9f7a9428. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ca73b141e59412b434f105fef26227cea43190fbf99e7be806f00b9b9f7a9428
SHA3-384 hash: 04421a9f353560b87c097fbabf55d87db73c21aca9938f4ce2fb3782243811cea49bdec3753710b836f40d6ab3432816
SHA1 hash: 5ca32bf02309274c506ff4254e60f6fefea25b25
MD5 hash: 1826c6a1acb278b8c786acea6103c447
humanhash: north-five-artist-enemy
File name:TIVOLI GROUP_02.04.20..exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-04-29 07:02:04 UTC
Last seen:2020-04-29 08:01:53 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash d0875061217e1cce8cf322ae7dd0f5fe (1 x GuLoader)
ssdeep 384:1d95tmSaYY6Cm7dycIugnukaaUV0welRlFf9aNev70zAPZLN7W8gwIybyKvs3/sx:Ts0D+nWVMt9a8v70URLNNgQyKM/sM
Threatray 1'140 similar samples on MalwareBazaar
TLSH 2D731956B0C9C07FEA2A86776B21CBEC5919FD341CC8CC0774443E6D3A7AAC4A6151EB
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Remcos-7723762-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-29 12:17:34 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 30 (80.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zjz3cqpfsqjlinhrax7peyrhz2sddeh37gphx2ag6afzxh32squa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
102a406e2b148d3dff10dc067b37c4cfbe7594c9e10dc3dc2d3b13b3c908678e
GuLoader
277ad2e30607538075324d56c194f6256f2a37245f952038d709f237545bf0f1
GuLoader
305a2d609d4d34967a53c2f44b9c48acd3e683ac3be396bdb359ba0398da7a75
GuLoader
3d4b5ca6cf89ed481dee43c1b33dfd03c0863631efbbce57f1d678341f827872
GuLoader
4cab1aacfb805a94301d5f14ff07c8a4c07cef2b81897c19fd35a04c5cfe2b68
GuLoader
4e49f8ed15a69e1147ae9428c9e5b4d4aa928769f261627abc059d2060e94a6b
GuLoader
62009eba5623f35454d0d19824c688a0f1fb45dfa88516a3999680f984bdf1f7
GuLoader
8eb33d0b08f137c3aa3f66d5afe0188b9b60458f95ecf8a2f2ca3815059e2fca
GuLoader
d4d2c82cdc75f723e08d6139593a5a651e75e74b885acf480fe41c239d99e548
GuLoader
f52e553ac38124b5eb9662305ddf404df6a8c68d9287137c938a920eadeebe0e
GuLoader
+ 1'130 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments