MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 df34eee3a23ae66bb689bc1911e417cdaa7b51c353dc586bdb3280f86df09b55. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: df34eee3a23ae66bb689bc1911e417cdaa7b51c353dc586bdb3280f86df09b55
SHA3-384 hash: 8757c5f99e6a4535bcdd51606d889917a2ac10c452a4fd7043d6f8eff5ed6bcd6d1a85c595d033f74271796d79dda9e8
SHA1 hash: 3dc2355d4df2c68096d326293eaaff14df040e0c
MD5 hash: a329f8a12e805e595916babe82245c54
humanhash: whiskey-quebec-zulu-seven
File name:soapdoz.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:172'032 bytes
First seen:2020-04-21 15:38:10 UTC
Last seen:2020-04-21 17:00:37 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash ad8786028a1bb90bf8d18e91b88400df (1 x GuLoader)
ssdeep 1536:DN8nCiYbEx+LF87z2mTQ28XvNdBYrm62Q2akF8N7T:Jy/8K7NMFXC32Q2a
Threatray 5'287 similar samples on MalwareBazaar
TLSH 94F3F7517E34A032D1250B707EAEC36BD7103EE5DDE5458F2140B72AEEB12862EF265E
Reporter James_inthe_box
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.LokiBot-7678947-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Remcos
Create hunting rule
Status:
Malicious
First seen:
2020-04-21 15:37:55 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=342o5y5chltgxnujxqmrdzaxzwvhwuodkpofq263gkapq3pqtnkq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
043ba161ac2f0d30c5a15799d3ce26ec63989d278f58867aeff64ce7ecb41f42
GuLoader
17ccd5b98d29f09cde5b49fee52602ac5e95c462c68f09c5f07d12d8a8cd8e0f
GuLoader
1e7f88a0e73d63b2f6bbbb4c009b1eec11999ce62da1d3122473cabd502134c2
GuLoader
5db7e6a9bc7b775eb44e02266ff814ef0cd77dab54afd5fb3398ae56a5e92917
GuLoader
83968322ee41293c915a37779c384b39d1a0429303ed831291da984e7ff6877f
GuLoader
8842ac3497c777517b2f18152eabaa0994a460d249773a5e89a4e16bca2bd741
GuLoader
a4f594a78d5df595fe969cd0643707f5ca04aa10a7ef29f5617e3aa1e8db6d5f
GuLoader
d1e9ede488849faab5eb3e767704a4644cc79e6eaac8fe996d90fa164e68f620
GuLoader
e9f2f86fdb1d229abc6992957ae4148cd892884aee2a7e420ec7eb79c7e66062
GuLoader
f38d170b1da421aa60e778a64fec953d3058336f7cb06568ba7926495fe87f0c
GuLoader
+ 5'277 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef

Comments