MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 14ef1e3ac43b65b915bf15b136502e42fbc03555377bddf1bd4cd71928d2f1a4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: 14ef1e3ac43b65b915bf15b136502e42fbc03555377bddf1bd4cd71928d2f1a4
SHA3-384 hash: 0810f0a64c721e604c26c6c12cfcc5c41539f6cf122b992de86c1d45e20c84e91d7e87a6677c9d8fe5034cd250eed1b9
SHA1 hash: 0227fdd6d03efa23a9abde7703f7b0d4a94284ba
MD5 hash: fc2aa2f68dd8c4f00aef42e6a05a49f4
humanhash: yankee-alpha-eight-mockingbird
File name: DOC110264522074645553239905_PDF.exe
Signature: GuLoader
File size: 81'920 bytes
First seen: 2020-05-11 20:40:31 UTC
Last seen: 2020-05-11 21:49:19 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 2d778dc989ab0f2840e9ff47d6764f03 (1 x GuLoader)
ssdeep: 768:cBz1smw+NRaPItjzqM3EqsB4udKv2TgaX5w175q6500SBNZM:K1smwjb4EqsBD0aX5wnqg0tBc
Threatray: 406 similar samples on MalwareBazaar
TLSH: 9F83C215BEB5FC32D1447AB2DF6AF6AFD315AC3009314A1728443B6A1F36A069E7025F
Reporter: c_APT_ure
Tags: GuLoader

Intelligence


File Origin
# of uploads: 2
# of downloads: 90
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Malrep
Status: Malicious
First seen: 2020-05-04 22:43:25 UTC
AV detection: 23 of 31 (74.19%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: n/a

Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
