MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f52e553ac38124b5eb9662305ddf404df6a8c68d9287137c938a920eadeebe0e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f52e553ac38124b5eb9662305ddf404df6a8c68d9287137c938a920eadeebe0e
SHA3-384 hash: 0d9425eb70a7e61e5767030099483ffd7e6d28f0869e8b3f12d824238750302d30709cadb9ac50f2bf44347f118bd0d2
SHA1 hash: 444f7b8c28420432a7000b82b3c934942045bb35
MD5 hash: 1d369f78ca9f5aa26aecd4486d9aca23
humanhash: island-nuts-kansas-lamp
File name:OFFICIAL APPROVED PURCHASE ORDER FOR JUNE - ETA JULY 2020.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:77'824 bytes
First seen:2020-04-29 08:29:15 UTC
Last seen:2020-04-29 19:04:57 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 89392960b19360ccea605f762f37a3c4 (1 x GuLoader)
ssdeep 768:gypXn0Xs5+xSqHKqCtk/ijck78fRPoNZbhCKqQHLy:pnGs+xfqkXf2D1CXF
Threatray 322 similar samples on MalwareBazaar
TLSH 43731911F488C871E7A88FF08B61DBA9427EFC201D84CF1771497B1D2AB5A4B9590BBD
Reporter cocaman
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
3
# of downloads :
91
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.DownLoader33.37570.30549.4768.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-29 08:41:03 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6uxfkowdqesll24wmiyf3x2ajx3krrunskdrg7etrkja5lpoxyha._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
102a406e2b148d3dff10dc067b37c4cfbe7594c9e10dc3dc2d3b13b3c908678e
GuLoader
277ad2e30607538075324d56c194f6256f2a37245f952038d709f237545bf0f1
GuLoader
3d4b5ca6cf89ed481dee43c1b33dfd03c0863631efbbce57f1d678341f827872
GuLoader
62009eba5623f35454d0d19824c688a0f1fb45dfa88516a3999680f984bdf1f7
GuLoader
70041cbec1ec2f2daaa69db5b81dbf780fe796192d0e9620ad8bba56b45a6d22
GuLoader
8eb33d0b08f137c3aa3f66d5afe0188b9b60458f95ecf8a2f2ca3815059e2fca
GuLoader
8f33b384251c871f6061fcf7d092dd5708cf9b9e0ff92dc09bf3bd458c6cbdb8
GuLoader
ca73b141e59412b434f105fef26227cea43190fbf99e7be806f00b9b9f7a9428
GuLoader
d4d2c82cdc75f723e08d6139593a5a651e75e74b885acf480fe41c239d99e548
GuLoader
f66a9d139aac9008f3ca07794f8389eed945e1391b0ec20c72534a51bda3bea2
GuLoader
+ 312 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar fa8206183f59dd14b51d5c0d37003a7cf8c324f692ed0b0e5d68d60b4f08eae4

GuLoader

Executable exe f52e553ac38124b5eb9662305ddf404df6a8c68d9287137c938a920eadeebe0e

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 fa8206183f59dd14b51d5c0d37003a7cf8c324f692ed0b0e5d68d60b4f08eae4

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments