MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f2f28583a4690e1bc531879d34c4eeeeab62a88ec34e204b77428a640c0d00fa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f2f28583a4690e1bc531879d34c4eeeeab62a88ec34e204b77428a640c0d00fa
SHA3-384 hash: 29df250154845698082f54b49bb5ac5552b7f0cb0c2abb2b9ae3180df77f4944c8e2aac101e92398db702b468810fb9d
SHA1 hash: 85d1cf40cf09242e987de70482c02b16b1af18ac
MD5 hash: d31d74af26907e1c992f41e231a970d2
humanhash: thirteen-california-arkansas-cardinal
File name:Demetriades Handling 44565.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:221'184 bytes
First seen:2020-04-24 09:11:21 UTC
Last seen:2020-04-24 09:43:40 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash ac718a660a6fb8b8b3eb11569a393376 (1 x GuLoader)
ssdeep 1536:X5zmBIiw8Ss+Mo+l8WQjSg5I8xqAfDYyBumqBjoPh6YGaghHoqCMZMLjr:X5W1kM/qWJAnxe1mQjo0vvdoqCMZW
Threatray 346 similar samples on MalwareBazaar
TLSH B72418817DB4A567C7148A306EE6E7BAC2487ED0E9E1C90F6080771AAF33646157263F
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
6
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.33716652.18444.6723.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-24 01:01:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6lzila5enehbxrjrq6otjrho52vwfkeoynhcas3xikfgidanad5a._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1d67c5b17b0115be9c9213910f41e052d520c7f86a5b9373f145f8c5f2ded8e4
GuLoader
1ede635c9e8e470e911dc46b40300cd2e794703cedd0f5487d9677244864741f
GuLoader
1f93e9ec506b2df6670b01905f5c42e05d7c2b4dbf44e37d82ee8050528d961d
GuLoader
350b35550e10e3ed50b1337e8899ab2eb9c9cbae7c077027f52bab3c5266bb84
GuLoader
4adf106d80dd2be5d8ea333dcc3a1d06770e4d913b25d05616247f9c66f99484
GuLoader
5c8de7c3ff4d9ad542fe30c13e84cfe205122faefb6427cf7323298eb47ab0d3
GuLoader
77aa8e597d8c1b23af6c98a85e717edde17106fdb806ceadc6cedef510b9e7c8
GuLoader
7ab96517f6852c124c82edf441496b2f005b11a4d1feb92f9cbfa2a2bffd1acb
GuLoader
8f6c9e3fe48707ed0446a2c90af1d3f6b10aab25b7cb60e78dda89f25b689cd3
GuLoader
be45d144f539c0ef3ce8329cebcc9e26167f293bec1a9e82f5e7294a6fc17c5f
GuLoader
+ 336 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaFileOpen

Comments