MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f842179b4979090b6435dcc7ae0ffb46d42899fd4a1926c11fadd7e39ca5f505. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f842179b4979090b6435dcc7ae0ffb46d42899fd4a1926c11fadd7e39ca5f505
SHA3-384 hash: 00fa51fee3008cb838174779133204647366a045d423b2b4f0f392b2d1fda93c21090dddf08132ea696f5f390e80cd1c
SHA1 hash: 830481d4181fd28f874d7e49b44d2e2c4087b07d
MD5 hash: 5ee6cac72f8477ab2e74226bea0056dd
humanhash: alpha-green-connecticut-freddie
File name:doc invoice 8984989384784954677.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:81'920 bytes
First seen:2020-03-20 12:42:10 UTC
Last seen:2020-03-20 15:03:32 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a4023b518f552e12d353555e84ab0cd0 (1 x GuLoader)
ssdeep 768:S54epTr7ahFFSTGqfETj8NTuVmRzZfEQCaGygmSTM+TK+eXmov4zjuLMASxabM1d:SHZr2rY6qfSujRzZfRST9SWov9Qzk6
Threatray 1'006 similar samples on MalwareBazaar
TLSH 8E836B47FB90E832C449CA3E7D4AD2903627FE186B51C68B3698BB1F58F40538E4DA5D
Reporter jarumlus
Tags:GuLoader NanoCore

Intelligence

File Origin
# of uploads :
3
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Vebzenpak-7639767-0
Create hunting rule

Win.Trojan.Vebzenpak-7640209-0
Create hunting rule

Win.Trojan.Vebzenpak-7699953-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-03-20 04:07:11 UTC
AV detection:
23 of 30 (76.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7bbbpg2jpeeqwzbv3td24d73i3kcrgp5jimsnqi7vxl6hhff6ucq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
36d234ce270e0a44671666a82d6ea92d896f7c2516a25b8121ccdf3502977cb0
GuLoader
4d373131b0d3254d72f1a06ea168267376b8cc8f805daa53963db5f051631967
GuLoader
5f6d61aae72e86026b0e65e4a499d82a77c4069e0463fb8c9b0697cae522fdb9
GuLoader
77168234eb706333e4835666a00a8fd8e110959660c97e5c5528ed3a3d0f5081
GuLoader
8f4147785131b1c4e30710abb80aa3184ce0d070a0bf557a633a8a0eb8d1a77b
GuLoader
9bebd6b8400a02ec36958c8cf06d3abc659b462d482fca3df8a3a64e42b3e234
GuLoader
b957ef817c366f048f64e10b916eb33113a58511a7aaa74212c93e080ed1af64
GuLoader
bb8016149b1cfa77fa6614decb51d21b20385e2749f1b667ad0d51615c9baf05
GuLoader
d0604fe76ff35e2311825f1822171208bd472c764dfbdbf45e20fad47f6a4472
GuLoader
d6330004986cb2968200bad58cb3f1135e2383d9bdf6894feff0f28f952f4c2b
GuLoader
+ 996 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f842179b4979090b6435dcc7ae0ffb46d42899fd4a1926c11fadd7e39ca5f505

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments