MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e51717961da9bde7f677cfec8ff187cbef56401334a87b2d45a0f2ef27c8cb44. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e51717961da9bde7f677cfec8ff187cbef56401334a87b2d45a0f2ef27c8cb44
SHA3-384 hash: 000b97bf48ac6c1f823372a1b429510026835c06672c1f3b675b06006981fa8a82eb137e6c9394c6d88c2dd5da554636
SHA1 hash: 8a1eaf80e407bdba484d929192f798b8530cfc69
MD5 hash: ce38a23c3dbe883f872c7c1e45432a24
humanhash: nitrogen-mockingbird-cardinal-neptune
File name:2020-30.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:94'208 bytes
First seen:2020-04-30 07:24:56 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 10549caf52016145b3dc7bec0ff09d87 (1 x GuLoader)
ssdeep 768:02OG9+QT3ZfmtdHvqwQD6ss4poHYuva9JhbI0XS95bN:lOG9+QTpOPHg/poHdvq3W7
Threatray 634 similar samples on MalwareBazaar
TLSH 4B93D6956FF4E0ABE56408F2475382A021D97F36ED212E13B2C87E2E7679781D4217F2
Reporter cocaman
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.VBGeneric-7726563-0
Create hunting rule

Win.Dropper.Fareit-7726574-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-30 17:26:56 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=4ulrpfq5vg66p5txz7wi74mhzpxvmqatgsuhwlkfudzo6j6iznca._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1252cf08c8e83b899bd8b618b20950cde162f897cd6462aa64060e29c61c29b4
GuLoader
233b77662bc561852146198761fa55b8bd63b0c075150b8ea02a92aa2f5212e6
GuLoader
38d18cd2973bf872b3baabd7cc323741f8bd0c660bf9cfc91ddbb237f4618005
GuLoader
623d2dced40110b216c19c5d48ecb250235278055ca3a7192ac98a8640d663f2
GuLoader
7ba9e4b99caaf229425337ffb54ef594c715229cf47cffb01175e20cfb71f305
GuLoader
b3597e200f4430fc1d6bd0ad657e24824e32b9bbd59ad5f948a9a1bfbecca991
GuLoader
d025b24f7179db8dcc6dda416f90220e9559dde564a5b24c0dc7a02fc823c97c
GuLoader
e80e2cf38bd72bd64cafaaaa0eafc2965bdda90feeb5c153947f81dcdb98e6d0
GuLoader
f17c37c6d5e56b96e7d603d1eafcb885b8c229cd1a6ec1d669b1dadcce59bdef
GuLoader
f3b9c07ea611e968e7483b8828a480ff7b356a43eab344c984b37930c8dd6417
GuLoader
+ 624 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip 0404e53e7d82a26aef1df74ed6c2c620ba90fc9ad7a14401869f100f1e0ee21c

GuLoader

Executable exe e51717961da9bde7f677cfec8ff187cbef56401334a87b2d45a0f2ef27c8cb44

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 0404e53e7d82a26aef1df74ed6c2c620ba90fc9ad7a14401869f100f1e0ee21c

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaFileOpen

Comments