MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ea4144b221a06872b7b1b7110acb32e34893b88fce0495d4ef1830bdac5e8440. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ea4144b221a06872b7b1b7110acb32e34893b88fce0495d4ef1830bdac5e8440
SHA3-384 hash: 3aa6eabe5f9d0f5c879acce0574dc157154d916239536432339a9dc64f49a30749f2e385e78899c51350afca1542f135
SHA1 hash: 679a9eab0c1ea59f80a2f903384e2f546c18152c
MD5 hash: e83722d50a617f5551b51ee06c3a7c99
humanhash: single-pizza-island-four
File name:ReReNEW ORDER.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:81'920 bytes
First seen:2020-04-30 20:17:45 UTC
Last seen:2020-05-01 07:21:27 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash b32641f5a33a806b24b60005c5eaf792 (1 x GuLoader)
ssdeep 768:5aCEjA0c4hMLutRqGyJ75ohKUIGEXLtKwzdxibG:QhANLkRqP75WKHGEXLtKUdqG
Threatray 164 similar samples on MalwareBazaar
TLSH C8835B26B1C8DA72E51887B98F32C3F4251BBD301D50C90772C9BB2E5E74E8599D038B
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
3
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.ProtectSharewar-2
Create hunting rule

PUA.Win.Packer.ProtectSharewar-3
Create hunting rule

Win.Malware.Generic-7740162-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-30 20:35:27 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 30 (76.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5jaujmrbubuhfn5rw4iqvszs4nejhoepzycjlvhpdayl3lc6qraa._file
Verdict:
malicious
Similar samples:
1e69b9f6dc891618bed32c776bb20ffc62b8ca9700241a145eb4246c23d864a4
GuLoader
3ceb6064faccd6e14f29b29580731e0239928c13f5ee8d942fa743530b2ed73b
GuLoader
472a4d21f664dbdb78739e9847cda51b6bb6d1a296307fff8a3991d5543056b3
GuLoader
5749af95d51ba8e5d08b5724c8806a4e9fdd137ad4424ca2dd6f025a2662b421
GuLoader
8969c43b9a620f08efca63187be703ec6655dfaa6168956a428ce2821ff67654
GuLoader
a05ae5c56a5a5c24f2c7276f2c669cb33c09f87d75a09030b094f12a4a1a17fa
GuLoader
a488990c82230074fdf4f22a014a8f05dbb2bdc055c096c4d4a28b3a8055a648
GuLoader
aea480ebd5777e840f0b988267554fe1d35f70238bed009231b24475fdc0b0d9
GuLoader
f44cd8c2df04f8921d2d50831c0268b93d48fb0a149c3783331adaec733a47ed
GuLoader
ff74fb3d8b1bc85e76697ddd73113a500d0c735e3b0b97fa67dd7720e40a5017
GuLoader
+ 154 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaErrorOverflow

Comments