MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e8967b1c2713c3513dc6acc371f01fed7795d86abc59467304980cb5cce762da. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e8967b1c2713c3513dc6acc371f01fed7795d86abc59467304980cb5cce762da
SHA3-384 hash: bbc0a28c906b00207b5db828bc5ec42ccba2d73e3409d351f860494489a5c468b4d9b886930f5b5068603dc5d28dc446
SHA1 hash: de70120e34d949278717d754508f0a897293ae72
MD5 hash: 6c1053ab0f439e694e5975449d607e3b
humanhash: salami-uniform-magnesium-queen
File name:Payment Slip_pdf.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-04-27 05:39:34 UTC
Last seen:2020-04-27 06:49:03 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 5279e6736ec6a45423e4f8a0a051bba2 (1 x GuLoader)
ssdeep 768:7wyEvBCqzjvWwg3+quE59bWaOrTplYZqmNM3fM5wsqLspKQEOWDHX:7wo6iwxaOfpc5kgQV
Threatray 147 similar samples on MalwareBazaar
TLSH 99931A62B6A49CE1D9088DFB1AD0CE495133FC387E4B8B033BD53B6D1A369819B75352
Reporter cocaman
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
94
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.LokiBot-7710161-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-27 06:35:26 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 30 (83.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5clhwhbhcpbvcpogvtbxd4a75v3zlwdkxrmum4yetagllthhmlna._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0011c686f49b6c536dd548a5b94f18d6aa41040c66cc483c10c006ee4d4efa27
GuLoader
485c73fe0877faf279ffb3673fdad3d2b2c3297e5003a09120b4ccc4d08d02d6
GuLoader
6eb0c244dd286ae14af2f201e66ff971d8ad21135e2d619751e3755d606eb748
GuLoader
9d13ac84ad63d41cfe44d18740193af498ac345ea1332d2759d4f4bc424b12b3
GuLoader
9d168ed314be4a7dff1ef992f27e493e1f5f070d0c74a6268b1dc78630ade9cd
GuLoader
b7f6d384bd648e73ceea79b31460e1d366102b59fff94e6b1690e72295db8288
GuLoader
bbacc68489937c2068a1f3d4c1dcf1a2e120bbfa6685bbdc2da7e4979ea7d101
GuLoader
d629c357618d0af63380cbd227dcdba8ec9af89e243ae67faaa7343ce9a91f01
GuLoader
dffc2ea9e2d70e83228e7e109b0e9c4f490df7c513ed32f3dd58fb4a3d5a4cab
GuLoader
f628cdc8433cc16e9fbb106d72759b0cec1926a090c7a1cd897f06af4c54784a
GuLoader
+ 137 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar fead839de354358b35134d26134afbf69e552de524574e73f0816e969b7d3437

GuLoader

Executable exe e8967b1c2713c3513dc6acc371f01fed7795d86abc59467304980cb5cce762da

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 fead839de354358b35134d26134afbf69e552de524574e73f0816e969b7d3437

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments