MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d4f504a85af7c8661492ea1a331220b4101db3e91a56fa0855dbedc0b9a9c1a3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 6

SHA256 hash: d4f504a85af7c8661492ea1a331220b4101db3e91a56fa0855dbedc0b9a9c1a3
SHA3-384 hash: 9bfcbd96fb659f9c3b76f2ea3b4a277baf47d082cecab1792986f2b1f5ecca487a337d272295d16c82a53baaa833fa16
SHA1 hash: 3f17284fa95ed35282100f1918a8f03a1fc73d7c
MD5 hash: 9b449d95c179e8ba45c34b9d3c941950
humanhash: missouri-seventeen-utah-speaker
File name: Odeme II.exe
Signature: GuLoader
File size: 69'632 bytes
First seen: 2020-03-19 13:17:40 UTC
Last seen: 2020-03-19 14:59:09 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: edf2e7abc64a31c1ad6a8ad8791891a5 (1 x GuLoader)
ssdeep: 1536:rpqtQfe7aTPLyxGm0uJlHqUBSuYOAUvsluln3i:FqtQfe7Iy10+l3SLU5i
Threatray: 869 similar samples on MalwareBazaar
TLSH: 37635AA9E0F58CCAC81467F7CED7D27E44D27A17AA250B448C14FF7E08B6A486A3D560
Reporter: ffforward
Tags: exe GuLoader

Intelligence

File Origin
# of uploads: 2
# of downloads: 90
Origin country: n/a

Vendor Threat Intelligence

Result
Threat name: Unknown
Detection: malicious
Classification: rans.evad
Score: 76 / 100

Behaviour
Behavior Graph: n/a

Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-03-16 18:32:20 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 24 of 30 (80.00%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method
Distributed via e-mail link

BLint

The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID                  Title                                                     Severity
CHECK_AUTHENTICODE  Missing Authenticode                                      high
CHECK_NX            Missing Non-Executable Memory Protection                  critical
CHECK_PIE           Missing Position-Independent Executable (PIE) Protection  high

Reviews
ID      Capabilities                  Evidence
VB_API  Legacy Visual Basic API used  MSVBVM60.DLL::EVENT_SINK_AddRef

Comments