MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d0b6012ecc58a3cc6789c5d65c3949b73c9dfa7e671a943da6d41094fdaac9ed. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d0b6012ecc58a3cc6789c5d65c3949b73c9dfa7e671a943da6d41094fdaac9ed
SHA3-384 hash: 73f1d5a9af79cec94c30e0ee2db04c9b2bd1a8d3dff9998fd7800f955cde07b2881b25326c6a1ae48a9667bb9235e2f6
SHA1 hash: 3e180ba324f75c510ebdd7179b6f019a8e09b9a4
MD5 hash: 8f8607a56f8b30bf19e0d1aaa4006ae9
humanhash: potato-iowa-washington-maryland
File name:WHO_DOC.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:98'304 bytes
First seen:2020-04-01 13:19:49 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 0a1d3b40255aad9ab92c2cd67633dbef (1 x GuLoader)
ssdeep 1536:TVOOd9Ujqn7WMEpyg4g+c/jdgGWvO50uz:JvUjkNEAIgkn
Threatray 860 similar samples on MalwareBazaar
TLSH 75A3C512FA408CA8C1284DF5973A97DC2355BE35FA49AE4325C93EDE7FF12502502B9B
Reporter James_inthe_box
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.DownLoader33.25226.24793.31423.UNOFFICIAL
Create hunting rule

Win.Packed.Vebzenpak-7649913-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-04-01 09:17:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=2c3aclwmlcr4yz4jyxlfyokjw46j36t6m4njipng2qijj7nkzhwq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0c2ba22f44fb373764a526f9b132f6bad6dde99c009053cef468cea45006df2d
GuLoader
28dfc81c0660d22a889fa79cf30b0698e1f4c78a6693c277931868b67b29646e
GuLoader
2b44eaee1eb9f472580e06b30bc5eba6f513905abe768229ba6290bd1e4da1a5
GuLoader
46387625361cd440a23520b7bda25f402b586d00a44229754ab776e5e1bf34f7
GuLoader
7a3cdb575c0821cb1a8c492105fb674999f7fb0674007b669ef837a77335e447
GuLoader
ae386b6cfbca2ad61a9a4d642e99cd9bfaf9cf7fd647c2b420884df5f6692ddd
GuLoader
b6815b7c6bd39d114da295e839d472997b073db3d57429aadad20bb73c7b47c2
GuLoader
bd476e4d4bb6f46ca0e62c6a2ab34f90b025d3cc6a0895be9073bd48997d1b47
GuLoader
c7552fe5ed044011aa09aebd5769b2b9f3df0faa8adaab42ef3bfff35f5190aa
GuLoader
fcaa4b93dbdb7ca43dab06e0afb63117ca21a864f7ccf6f6eb7a4581ded48464
GuLoader
+ 850 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

GuLoader

Executable exe d0b6012ecc58a3cc6789c5d65c3949b73c9dfa7e671a943da6d41094fdaac9ed

(this sample)

AZORult

Executable exe aa0d8f39df9933c407085dcb148e8c2689c199fbcfef4ffd0c66278fbfc9f19b

  
Delivery method
Other
  
Dropping
SHA256 aa0d8f39df9933c407085dcb148e8c2689c199fbcfef4ffd0c66278fbfc9f19b
  
Dropping
MD5 a2a8621a72c2155cd7dfe94eab0872a3

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaErrorOverflow

Comments