MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0e2ff65bf3e2ccdf8a5c94830b0c8b72ce136d017f47bc14933ade45b9bbaeea. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0e2ff65bf3e2ccdf8a5c94830b0c8b72ce136d017f47bc14933ade45b9bbaeea
SHA3-384 hash: 3d35b72d95f1620f619554d7920ba9a6577eb4609f70c48b79333619f650a16f47b508694043846eea234c5ddeec1046
SHA1 hash: bb0ad06a7f730305f309cc9ddb219c96ade6f04a
MD5 hash: ef9a8ac1d335f4f3f9dc0e8d6a09661d
humanhash: missouri-enemy-carolina-lactose
File name:BL draft + INV, Shipment doc.pdf.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:98'304 bytes
First seen:2020-05-04 04:30:41 UTC
Last seen:2020-05-04 05:54:27 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 072e63517623b386cf78ca8e46bdcd74 (1 x GuLoader)
ssdeep 768:cdPq8vAVVQiWL4kWHZXKRA0ls8xMHTavdkgqBD4R67NFWJalT9vf9CtNgD55BcBe:MiFVVQr6NKRA0ab7nmadtfQ8o+vD
Threatray 313 similar samples on MalwareBazaar
TLSH B0A3C691B795D01AFB7856B21BA4E7E44157FC399C421A073AC0732E3A32D05FA523BB
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
5
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.FileRepMalware.9581.UNOFFICIAL
Create hunting rule

Win.Malware.Generic-7751004-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Dynamer
Create hunting rule
Status:
Malicious
First seen:
2020-05-04 00:52:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=byx7mw7t4lgn7cs4ssbqwdelolhbg3ibp5d3yfethlpelon3v3va._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
10a4f9b83eb6a7b8ba130f7a9c8c813dee4bfde798f4c7cc539bc35ca18c5821
GuLoader
14bd280177ece118d671795a8b372a0d7de0f3ad3b842ed35726d9b587cb1608
GuLoader
40950dcb88e56bcea0e542f297d60fe5a96d410473ec3fe51e9234b40304d329
GuLoader
473f59e503b660f8b9cd8f4a36f955f59cc9b0ee19dec2570d9a907c22df1907
GuLoader
61bc9714c9d544e67950671f9bf407264caa04db3b82db8deb5ee40e73921e76
GuLoader
7051cafeb459d49b51e160e4dab61b346325159efeec3c734a7131d8e96c3c14
GuLoader
9028aeddf4c76b16753ea37720bae4088308671214e6cf192705622cf07d41e5
GuLoader
9059531fbff89a14fc3761330cac92437bee44349e6b62e7e807422b4c57e2fe
GuLoader
eaf38de6ac4347ac84bcbe648301fedfe021aeafbc3bf40404a4003117a8967a
GuLoader
f573cf3eed6dc5635fd82f657a0912c151e2762188e71d161bf173bd40abaa3d
GuLoader
+ 303 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-z43kqa8j22/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments