MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e21f97b929825abcec743229f6de039d2d0f34047decdb14b46ea54f699b7e4c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	e21f97b929825abcec743229f6de039d2d0f34047decdb14b46ea54f699b7e4c
SHA3-384 hash:	6c754e342f6f0c9f06542d39b9c5329268ad350663ce13a6a3ed9bedd36ddb533c2492797e12061a382c3832a1277b9c
SHA1 hash:	4caeef00486e16e4b666f51b8230ee19dac107b8
MD5 hash:	baa429563ee135cd40b2da1bed405825
humanhash:	north-double-four-virginia
File name:	PAYMENT_COPY.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	462'848 bytes
First seen:	2020-04-30 07:35:04 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	23533babf1c1de1f8bf23b2869cf0bb5 (1 x GuLoader)
ssdeep	12288:/Ul9wH9CxRsHPW/3Sct2CqtYxI2EmqAfTVGWQ+4dvV9WAksYT+c1EuK5U73:/dCxRKwdf7
Threatray	5'098 similar samples on MalwareBazaar
TLSH	78A47C723EFE3A56CE80947A649D636282DC407EBF7411937F4D286A4D3F86B9E71021
Reporter	jarumlus
Tags:	GuLoader

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Malware.Razy-6914662-0

Win.Dropper.Remcos-6972859-0

Gathering data

Threat name:

Win32.Trojan.Noon

Status:

Malicious

First seen:

2019-05-10 12:08:27 UTC

AV detection:

26 of 29 (89.66%)

Threat level:

5/5

Verdict:

malicious

Label(s):

netwirerc

guloader

GuLoader

2a40a9e18303875b2db452783190820001c898e8374864fec29793bf43bbe401

GuLoader

4fc6cac9d7547036158bc3aa8be06f2a6be57eabc406abf3a39c2cacb5f410b8

GuLoader

5dd8b3d4a4968fecce4bdee9ef9a29df44fa7ce4ad73002ba4dfc5ac14fa9c41

GuLoader

63b52bedfe18fe9a059dafcf21ed7d2bd58b00e8b4078c98e165c36e3d347b60

GuLoader

8842ac3497c777517b2f18152eabaa0994a460d249773a5e89a4e16bca2bd741

GuLoader

8a1f8815b2d54f7171358001bec7be97d87660a29d8bce9d247da901b012f594

GuLoader

916237116e09e4233846389b7410a8ccc7e7ef96c0ed97c3fdb19a08499504af

GuLoader

a14dc3eb54f3876b3a2bfc6e0aa105c832fc5424130c43248995cceda6790133

GuLoader

ebfc26187e0b0ad6924461b1f2476321c53b5a23fbfe246e3ed5a475a1ea5678

GuLoader

+ 5'088 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
VB_API	Legacy Visual Basic API used	MSVBVM60.DLL::EVENT_SINK_AddRef

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample