MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fd0f9b41cb3580afbc66c2ee08d20c1d32b5fbc47ae347c8191dfe6e0c4b510e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	fd0f9b41cb3580afbc66c2ee08d20c1d32b5fbc47ae347c8191dfe6e0c4b510e
SHA3-384 hash:	79283bedbe5aca0b6405fa439bb321e282abaf86d9027a99062d948cd7c572a53c4bb5ea41d5132291bd51c38595c333
SHA1 hash:	c5b213447b1713fe8b430bb315f68cae99d29277
MD5 hash:	f27d16b0a420235e3a5849c9745f98c2
humanhash:	wolfram-eleven-pennsylvania-mirror
File name:	Documento de transferência bancária.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	57'344 bytes
First seen:	2020-03-20 18:01:20 UTC
Last seen:	2020-03-20 19:55:05 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	3ff96db64d9d6dbfdd62860c375660fb (1 x GuLoader)
ssdeep	768:drSYewuQdAgqJvaTdKkALUz20+j1UVgwxs2xhRhGqR5Dv01:xSHgqJGAZh1UVZnXhVg
Threatray	1'290 similar samples on MalwareBazaar
TLSH	DC4349EDF2A765A9D34B9934B5838A539066FE748B60B10E30CC3F1F28307615E29679
Reporter	c_APT_ure
Tags:	GuLoader

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.DownLoader33.16050.21734.31327.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Injector

Status:

Malicious

First seen:

2020-03-11 18:47:48 UTC

AV detection:

24 of 30 (80.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=7uhzwqolgwak7pdgylxaruqmduzll66eplrupsazdx7g4dclkeha._file

Verdict:

malicious

Label(s):

dridex

guloader

GuLoader

1edf8c6bcf0ae2b38e9e28bcb1fd838c2ea35b5b126e4bc9e42daa2e1e722298

GuLoader

3d611ca54f64546327d9bc6993662d5058a7f07fa8e16b81fc7ee6ff60d952f2

GuLoader

4210a2e185c650d6d24b1f030669d484571381f04aa6e69b8974a4926c734f2e

GuLoader

443bc33e9d28fddd4229367cde23085b8d57549093ce8e991eb4753ce58c85fe

GuLoader

85712727599415ff40411a07303a29435e12eeb5afd4b857978be0945c093740

GuLoader

a2bf3f45bdc745f100e74e154249ceccf3339a09de63ebd1118b50ed7a305a9b

GuLoader

af076d38fb1a0fe805a6a835aefa72a1eaa827bb0421dcc91bd2e6153469d60d

GuLoader

b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f

GuLoader

dda25996ab5b78fa63ab71aa304360374fe2eb6ded670c778b2c69d9fa1f1e40

GuLoader

+ 1'280 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/fd0f9b41cb3580afbc66c2ee08d20c1d32b5fbc47ae347c8191dfe6e0c4b510e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
VB_API	Legacy Visual Basic API used	MSVBVM60.DLL::EVENT_SINK_AddRef

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample