MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3fe9eed0a3a27ff6cc16b6999d5b040cb7c103a4cd59262ffd21744537e7c8db. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 3fe9eed0a3a27ff6cc16b6999d5b040cb7c103a4cd59262ffd21744537e7c8db
SHA3-384 hash: 37c23fe25169b590d58dc6b1eaac94234408fab39b15c53c0e324a79739bcd27b0c0b4e362b506dc671d0b1a70d99a91
SHA1 hash: 01347cdc0af67485943897c210827eb25880b132
MD5 hash: 14c21a96321f2cf58ab08041f4c0a8a0
humanhash: hydrogen-eight-four-cup
File name: POPI202100156JUN.exe
Signature: GuLoader
File size: 90'112 bytes
First seen: 2020-05-05 14:08:15 UTC
Last seen: 2020-05-05 14:53:17 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f46b10eebc3c9c499a09f8d08a9a4736 (4 x GuLoader)
ssdeep: 768:yKh1p3u2H6rCtBKlbwsPFpIwGGC1LB5XOdkuOP5wvA2T1RvDn9Knt+/lTY6wWfFT:Th3u2QCXKlnpIwDi92oYbn9KntK06Nd
Threatray: 730 similar samples on MalwareBazaar
TLSH: 6393F8156EB1ED21D61479B4EB6AF6AEC715BC302832891762CC3A1E5F36A02DD3131F
Reporter: James_inthe_box
Tags: exe GuLoader

Intelligence


File Origin
# of uploads: 2
# of downloads: 101
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Malrep
Status: Malicious
First seen: 2020-05-05 14:08:00 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 24 of 31 (77.42%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
- Suspicious use of SetWindowsHookEx
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other

Comments