MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f628cdc8433cc16e9fbb106d72759b0cec1926a090c7a1cd897f06af4c54784a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f628cdc8433cc16e9fbb106d72759b0cec1926a090c7a1cd897f06af4c54784a
SHA3-384 hash: b8a68a6d7554492b7657ccdc01113e3213c6fe471359caf6a5def0e1fc552c998b694bce73b47b796f0f70e9ddd7521d
SHA1 hash: c0c19a47c5e332992ada56deed1bf05f5cf4a493
MD5 hash: f90e6f76b491815828edd453ef6bf4ec
humanhash: asparagus-sixteen-fix-lake
File name:SCAN00000000033563 CE,SE,CIPT SCAN TRADE DOCUMENTS FOR EXPORT.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-04-27 12:30:06 UTC
Last seen:2020-04-27 13:36:31 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 25439e1ee07df7da2c166269c69dc973 (1 x GuLoader)
ssdeep 768:cDskfwdie1RQIEFHrr1pgeS/Ifa7Frzcuzyx0Ez9d6oom1adVByNDx378N:cok4die1jaHrQeS/Iy6x5H5y
Threatray 124 similar samples on MalwareBazaar
TLSH 03930813B464DC84DA084EFA5EE28E681027EC766D550B0B398B372C353F79B5B513AB
Reporter cocaman
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.LokiBot-7710099-0
Create hunting rule

Win.Dropper.LokiBot-7710161-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-04-27 12:02:05 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
26 of 30 (86.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6yum3scdhtaw5h53cbwxe5m3btwbsjvasdd2dtmjp4dk6tcupbfa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0011c686f49b6c536dd548a5b94f18d6aa41040c66cc483c10c006ee4d4efa27
GuLoader
485c73fe0877faf279ffb3673fdad3d2b2c3297e5003a09120b4ccc4d08d02d6
GuLoader
6eb0c244dd286ae14af2f201e66ff971d8ad21135e2d619751e3755d606eb748
GuLoader
9d13ac84ad63d41cfe44d18740193af498ac345ea1332d2759d4f4bc424b12b3
GuLoader
9d168ed314be4a7dff1ef992f27e493e1f5f070d0c74a6268b1dc78630ade9cd
GuLoader
b7f6d384bd648e73ceea79b31460e1d366102b59fff94e6b1690e72295db8288
GuLoader
bbacc68489937c2068a1f3d4c1dcf1a2e120bbfa6685bbdc2da7e4979ea7d101
GuLoader
d629c357618d0af63380cbd227dcdba8ec9af89e243ae67faaa7343ce9a91f01
GuLoader
dffc2ea9e2d70e83228e7e109b0e9c4f490df7c513ed32f3dd58fb4a3d5a4cab
GuLoader
e8967b1c2713c3513dc6acc371f01fed7795d86abc59467304980cb5cce762da
GuLoader
+ 114 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

rar ab9fb6e068b1f7108677abdfaf3b122e88725cb3f237775e7fde6b8d23b46c73

GuLoader

Executable exe f628cdc8433cc16e9fbb106d72759b0cec1926a090c7a1cd897f06af4c54784a

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 ab9fb6e068b1f7108677abdfaf3b122e88725cb3f237775e7fde6b8d23b46c73

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments