MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ced4cad0c45556ad653fa0b3f43e3312963f6d5e36f8eafe9bd5983a9b1480d6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: ced4cad0c45556ad653fa0b3f43e3312963f6d5e36f8eafe9bd5983a9b1480d6
SHA3-384 hash: 4a7985bd30d91c521609bba1740be637be5c92c97a0b1c0cc59803679cc1e24fbb631ea23197b283f2116d38e91370f8
SHA1 hash: a450d1774864fe0bab3462788cc8e0e4b804d191
MD5 hash: 50909248d2356066a07b8eac5b672661
humanhash: jig-ohio-equal-double
File name: Shipment Document BL,INV and Packing list Attached.exe
Signature: GuLoader
File size: 143'360 bytes
First seen: 2020-03-27 06:58:30 UTC
Last seen: 2020-03-27 08:41:28 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash 01b666fbf9d30734bd3f167b2224602c (1 x GuLoader)
ssdeep 1536:t5IlsLnGRAXqEGujcox5hFA1n5/WQOwfOcOjN:t6iEA5Fx5fKnTtfM
Threatray 523 similar samples on MalwareBazaar
TLSH 86E34A33A958C4AAD8254A704F6847E50A336D10A59AAFCB77C57B1F9CF8E03DCE0295
Reporter: jarumlus
Tags: GuLoader

Intelligence


File Origin
# of uploads: 2
# of downloads: 80
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-03-27 07:35:46 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 25 of 31 (80.65%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

GuLoader

Executable exe ced4cad0c45556ad653fa0b3f43e3312963f6d5e36f8eafe9bd5983a9b1480d6

(this sample)

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews
ID | Capabilities | Evidence
VB_API | Legacy Visual Basic API used | MSVBVM60.DLL::EVENT_SINK_AddRef
