MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d05800ab82af8100fbb6ee66729de2aa580f8acde780df49ef14b4213f316e87. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	d05800ab82af8100fbb6ee66729de2aa580f8acde780df49ef14b4213f316e87
SHA3-384 hash:	6f4736bce092bdb241e66728715d65f6c7036dd8fdd0733758bbc3d024c14ffe42823b796ca7c41894761a689360d930
SHA1 hash:	c7d474a62687f62b9eefa8433707860d3b9d049c
MD5 hash:	84e721c07b2fd4c94630e74bbf53d04b
humanhash:	mobile-illinois-triple-michigan
File name:	RFQ QUOTATION.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	77'824 bytes
First seen:	2020-03-19 06:31:40 UTC
Last seen:	2020-03-19 09:17:21 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	aabf3eb902371023c1492af9ea347265 (1 x GuLoader)
ssdeep	1536:rIhVCz0HtslmHTftKNMj3leKXXt3/2se:0az0NgQ0NMj1eYF2se
Threatray	1'441 similar samples on MalwareBazaar
TLSH	74737C42FB50E835C459CB3E6C0AD6E1211B7CA96951D99B3A84BB0F6CF00B29F4DB18
Reporter	cocaman
Tags:	exe GuLoader

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Trojan.Vebzenpak-7639767-0

Win.Trojan.Vebzenpak-7640209-0

Gathering data

Threat name:

Win32.Trojan.Fareit

Status:

Malicious

First seen:

2020-03-19 12:19:38 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

24 of 30 (80.00%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=2bmabk4cv6aqb65w5zthfhpcvjma7cwn46an6sppcs2ccpzrn2dq._file

Verdict:

malicious

Label(s):

lokipasswordstealer(pws)

guloader

GuLoader

23eb70abd818d93364ae2f896425d05fd38788c54429f874fabade1671b267b6

GuLoader

2b419f986ea266fa5826fbb6858782f7c2acfda73aa5ec5cb21d64537d6a4ea1

GuLoader

89e54f19c04bb28c90f0ee75419a149c8178f9841435a20be727506d0c9506d3

GuLoader

8e73f4dbd13dd1cf8475bab8fae351b8a05507e429bd3b3700fca13dc764d66a

GuLoader

bea57552e1978630f3038e4df06ea8fe0d34c9c1656c971f2bb01a894b0f67eb

GuLoader

bf6d2e90c5fd6b327f1e513402eb01491ac8487b682243450ad684de5e6e62d4

GuLoader

dfe66d2e7938bed4e4452f82519a8b02d0ac89e74341a4abee8b2ec1c6a7ffb6

GuLoader

e01f7d5f5a34bc9fde408c3f3fb441b76b6a2c3e2915cbf98ac5ca84e61e2b5d

GuLoader

fe7a6728da6e544a5963774daa1bae063246a1211a815abdb736ea7a31d7bd30

GuLoader

+ 1'431 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/d05800ab82af8100fbb6ee66729de2aa580f8acde780df49ef14b4213f316e87

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar f23d8195444b4f56d9034da812a748fc53bc21e6a721b8a20038701758d80be7

GuLoader

exe d05800ab82af8100fbb6ee66729de2aa580f8acde780df49ef14b4213f316e87

(this sample)

Delivery method

Other

Dropped by

SHA256 f23d8195444b4f56d9034da812a748fc53bc21e6a721b8a20038701758d80be7

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
VB_API	Legacy Visual Basic API used	MSVBVM60.DLL::EVENT_SINK_AddRef

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample