MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ff74fb3d8b1bc85e76697ddd73113a500d0c735e3b0b97fa67dd7720e40a5017. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ff74fb3d8b1bc85e76697ddd73113a500d0c735e3b0b97fa67dd7720e40a5017
SHA3-384 hash: 3f1285ee4bef07febdc9709a6897251adf23bad1eca80608161532530bb60270b1ba17e60b862ded7af5141aac86effa
SHA1 hash: 98f19917fd0576ab6950cf06528003baa467d567
MD5 hash: 7dc418a884a7b6e58dc6660ba321c288
humanhash: football-quiet-kilo-fillet
File name:Attachment.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:81'920 bytes
First seen:2020-05-01 10:58:38 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f2b71303b48b0f87f992aea31d1d359c (1 x GuLoader)
ssdeep 768:2nX+12/tqhxh7iXc0bC8R5Vv328NWdAQRxy8b2:Mu12/tqhxh7is0bCI328NWdnRF2
Threatray 943 similar samples on MalwareBazaar
TLSH 66833C11F2D88631E36BC2BD4B63C7EC1116BC302C568E4B76667B1F6A3AA92D910357
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.ProtectSharewar-2
Create hunting rule

PUA.Win.Packer.ProtectSharewar-3
Create hunting rule

Win.Malware.Generic-7740162-0
Create hunting rule

Win.Trojan.Ursu-7748035-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-30 20:17:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=752pwpmldpef45tjpxoxgej2kagqy426hmfzp6th3v3sbzakkalq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
06750ac0faac65082e722d5d7e8ccad6d9ceb5cd74faf3a9dca25be553e756e7
GuLoader
2e610af420add602c83e3cf56613ce2d25a448822721de59b59841d59f707304
GuLoader
37d7bba1bacdbcb35e301c1fc391449ea84d1203ca59a8b1f1142acf4596e032
GuLoader
396c67d17bdba56c29d4774991879313c236e9db5b9e1173f322d1bd3194edd1
GuLoader
472a4d21f664dbdb78739e9847cda51b6bb6d1a296307fff8a3991d5543056b3
GuLoader
99626ac447c880ff6dbf8dbed19bee5ab1da8fdb0b8e1595beda01af67aa64a9
GuLoader
d7e91c4ae1a0b9f6bd1c2ae422b2d9488949110017b9d06001e6bcd386905c8e
GuLoader
dfe54696ad7c10bc44e524a6d292f94a951bd29aa1f4dbee29b6ae56eaf9fa51
GuLoader
ea4144b221a06872b7b1b7110acb32e34893b88fce0495d4ef1830bdac5e8440
GuLoader
f6d7d1d828b5cee30b58eb471720d990a4f411ac366e0bb79c8f56e854dd98cd
GuLoader
+ 933 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaErrorOverflow

Comments