MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e187821f898ec00b0e007b899046c51fe7f950ae2e44ebf60bcfe83dd1e04530. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e187821f898ec00b0e007b899046c51fe7f950ae2e44ebf60bcfe83dd1e04530
SHA3-384 hash: af4e9c745c9ccce749658577cc0ef1111734719e3b4c379dbdc079a471098d23e525fa9aab7d2287a1624644c017c622
SHA1 hash: d286cfd163ee7c7d8ae3d8f9b5a416ee154ab636
MD5 hash: 23a2c3234ab050e8364c44aea6de69eb
humanhash: earth-virginia-nebraska-golf
File name:Order_09.03.2020.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:57'344 bytes
First seen:2020-03-20 18:01:42 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 09d761558c43c677d28155824b2209ab (1 x GuLoader)
ssdeep 384:G+5scelOFdxBpHbVuNvES5/1p4klsOTbh4+dReVwoGHdRsArr2rOuJ1LS3kgBzFg:GxCFPMNvEsPlsqTiIdRsorZu8F4
Threatray 1'152 similar samples on MalwareBazaar
TLSH 70437D13B726CD95C5444E3659A253D413B2FF98AC204B4BA1927B9C34B7EB00EFA5A2
Reporter c_APT_ure
Tags:GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.VBGeneric-7617716-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-03-12 22:53:00 UTC
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=4gdyeh4jr3aawdqapoezarwfd7t7sufofzcox5qlz7ud3upaiuya._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
2a1dd64638dac970b58a8dc939415fcc2a4532211295f1c72370df4df91447e1
GuLoader
45310ab9b43a84346d6c41c5286fab15c4921920461aa2c58ecf375d6070d4ef
GuLoader
65ec71a21b121cb6b5ad5c16425f217589eac46a8879aad3a8f04f5e5b2d872e
GuLoader
7f75534af5e989dd99a02227f555d7fdb4b57396b2eb8fb02eb71623b857395e
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
b0e40f83154bce1343f616094c5c67fb9991f06aa7a0fb1915f952e40c3d1bba
GuLoader
c5ef77c9b5293774ac7a58fba97cce6a84d3948af08b014a08c155e978c09eef
GuLoader
efbf4adb2b50d1284084841e1d5c1deb99a69d979fced2d2a5675fc666e3b76a
GuLoader
f18e31ee1b4c8d1561cfce6bafa731020f5838566393728d1c0de1cbde333ef6
GuLoader
fffe29a16f9f4f06318d753e6941bd4bc57f638a8dfd212fd8212d8ee1313647
GuLoader
+ 1'142 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e187821f898ec00b0e007b899046c51fe7f950ae2e44ebf60bcfe83dd1e04530

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments