MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e45490584a68e394f6714a78c96988adc241fd3acd783337bd66f26117535454. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e45490584a68e394f6714a78c96988adc241fd3acd783337bd66f26117535454
SHA3-384 hash: 06ca6736cc935d805ee38aa1b7b7da496a28789935ec36a737b1cda69195261693dc948591a7b3d72304cbaae31864d3
SHA1 hash: 7d5230ad8bed35a7b965c83a564e26796f72ea1d
MD5 hash: cb7ecacb12d5e8ed95895036c1ca66f9
humanhash: crazy-december-william-aspen
File name:SecuriteInfo.com.Trojan.DownLoader33.17428.9560.17428
Download: download sample
Signature GuLoader
Create hunting rule
File size:69'632 bytes
First seen:2020-03-18 21:48:24 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ead819438ef663fd23bd17281b7cda39 (1 x GuLoader)
ssdeep 1536:MFaAWIcCNMUBhEFPiB+wE1x0tFC4tZbv/faY8VDtdatJm7FSUUUUUnqYKU3ufUQ5:V2BKjdatGhq7C9esO
Threatray 4'827 similar samples on MalwareBazaar
TLSH 07635CE6F2A92E5BC46E7576E86B596C03186EB2DD48073B5CC037A815772400CB7FB8
Reporter SecuriteInfoCom
Tags:GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.DownLoader33.17428.9560.17428.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Noon
Create hunting rule
Status:
Malicious
First seen:
2020-03-18 06:58:45 UTC
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=4rkjawckndrzj5trjj4ms2mivxbed7j2zv4dgn55m3zgcf2tkrka._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
043ba161ac2f0d30c5a15799d3ce26ec63989d278f58867aeff64ce7ecb41f42
GuLoader
17ccd5b98d29f09cde5b49fee52602ac5e95c462c68f09c5f07d12d8a8cd8e0f
GuLoader
27faaaca4acb955010d7b8c16764a536c04149f2d332f99668d6ff6f292bfc20
GuLoader
2bde030373678bb2df1223cd3e3c4e7f2992e30739dcc63b688368f02a100067
GuLoader
8842ac3497c777517b2f18152eabaa0994a460d249773a5e89a4e16bca2bd741
GuLoader
9d545cae8b73e11800aaf794b2919bb8972511e4e217eaf1a51c3f38c17bb412
GuLoader
b4c98180c88d1c3aeea6d37b0642d5fa3a9d282b417615a7f3c8cda80389ae64
GuLoader
bcdfc779372272941a86132fe14ef811d9d0faa47e5430175122b0bc2a215dcb
GuLoader
d05efc3d09d7c08668da10c09101815e0af2f3376a03512e959ca467835b9c26
GuLoader
ebfc26187e0b0ad6924461b1f2476321c53b5a23fbfe246e3ed5a475a1ea5678
GuLoader
+ 4'817 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e45490584a68e394f6714a78c96988adc241fd3acd783337bd66f26117535454

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GuLoader

Executable exe e45490584a68e394f6714a78c96988adc241fd3acd783337bd66f26117535454

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/326527/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments