MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e0d0b8ce88eb76ca3cb8339d7f49d2d198b2a51b43949b4ddd23a40889cafcc9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e0d0b8ce88eb76ca3cb8339d7f49d2d198b2a51b43949b4ddd23a40889cafcc9
SHA3-384 hash: abb919f7b7c800688fd4ccbf2c45a053abfe8add8a5d8d7a4747df26d677b057fb585ca1ca6a424504c0912bf30c5e74
SHA1 hash: 2c5f723d27b4aca88fa1ae513b718a7171e8757e
MD5 hash: 41af8a204ffb34061e5387f84a9904dc
humanhash: network-carbon-muppet-ceiling
File name:PI.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:147'456 bytes
First seen:2020-03-26 19:23:18 UTC
Last seen:2020-03-26 20:47:56 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 926d1d31f9f8959ebd3637b8ee5cc250 (1 x GuLoader)
ssdeep 3072:tr75d2yKelwyP5vvBSNftxAQ1/z3d2tBrn+qljpQvVB:txd/BvvBSNftxAQ1/z3d2tBrn+qljpQN
Threatray 1'567 similar samples on MalwareBazaar
TLSH 9FE35A3B7E60C584EC510E315D958AA16DA67C309E660BCBE366779C2DF6B43EE90302
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
3
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PWS.Siggen2.45734.5219.9291.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-03-26 13:18:05 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 30 (83.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=4dilrtui5n3mupfygoox6sos2gmlfji3iokjwto5eosarcok7teq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
50d487621decc715e2b3e349679aba07ecb93d3ee55a3605ec0606d11a05dcd2
GuLoader
6dcf4557563343e881daf4b7d7b01e372457cee637ac001a1102a2e67a69cbf8
GuLoader
8fa47ee760cf1c21de132ec77eef49282a2312f197aba6026ee1de750051014b
GuLoader
a3314185c4c7b813105231aa59fbf2045b1fa595fd4bf322370112926afc24a7
GuLoader
aee6f41ba3393811f2980cec1714785039dd6cfcc629b81479fc376f635868c7
GuLoader
bed06510d878aedc81671ebf83fb2dd246f88de58514124d166e0831b4d9c4d0
GuLoader
c7c2e3e6dc40ec793635b6f18e44223d8cbf9fb621ee0d5b374b709510fe2d9a
GuLoader
c884dcf4fa00359eeb51ead67cd41d9a68b71f09e3588f03456244eddaa36fa0
GuLoader
d30f4ed99917a14353e7c981b527597931c9d7440e55173bb44dd6ac6317da95
GuLoader
fb6a49d393c339750c2effe7797cf304d7d9bb8c95fdaa3431af177f7a677ba8
GuLoader
+ 1'557 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef

Comments