MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 13d10e66adeed80219a06a426a6d43de723315a9fe04ba5000ca73fa94205bb2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 4

SHA256 hash: 13d10e66adeed80219a06a426a6d43de723315a9fe04ba5000ca73fa94205bb2
SHA3-384 hash: d28868e4abed02fc86f06ad2838ad91375c08830cd7dcdad85795df7bcd2e26fbc9fdc96e733527806385cb2cc0cf8b9
SHA1 hash: 5bf1d0e63df350a47498a5bdbb140869fc94d36b
MD5 hash: 005edf10c3fb726929af74133197fee0
humanhash: diet-asparagus-victor-california
File name: BOVIET COMPANY PROFILE AND CONTACT LIST.pdf.exe
Signature: GuLoader
File size: 86'016 bytes
First seen: 2020-05-12 16:32:26 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 322391f6f3beeeae3cdf9fdbdd0ca468 (1 x GuLoader)
ssdeep: 768:pogjEtvDMaW3y9RmgxQQgK9ShfliR7M7LU04zDoji2575:tjjy1Z7SVlu47LUSv59
Threatray: 660 similar samples on MalwareBazaar
TLSH: 85836D2AF4B4E232D945C9B55BA9C7B9175DBC300825C90B71C47B1E3E3AB20EA6131F
Reporter: abuse_ch
Tags: exe GuLoader


abuse_ch
Malspam distributing unidentified malware:

HELO: server1.arsari.co.id
Sending IP: 43.252.137.130
From: BOVIET SOLAR TECHNOLOGY CO., LTD. <marketing@boviet.com>
Subject: NEW BUSSINESS DEVELOPMENT:PO_BSTC 3519,7422,7341 // EUROPE DELIVERY
Attachment: BOVIET COMPANY PROFILE AND CONTACT LIST.pdf.rar (contains "BOVIET COMPANY PROFILE AND CONTACT LIST.pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 96
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-12 16:36:45 UTC
AV detection: 21 of 31 (67.74%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour:
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by: MD5 be35460e579a5609ee5cdc5a051c7fd1 (GuLoader)
This sample: Executable exe 13d10e66adeed80219a06a426a6d43de723315a9fe04ba5000ca73fa94205bb2
Delivery method: Distributed via e-mail attachment