MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 45a92acd42405ff1ece0e1cb3a8a4f5744ef52d1b2ffba9e8b454f0a5ae98a06. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 45a92acd42405ff1ece0e1cb3a8a4f5744ef52d1b2ffba9e8b454f0a5ae98a06
SHA3-384 hash: 834c26b3bf7b21dfc2fa688f7472c0a64c3de5f06cbdd3557d13600e30e3cc0c2ecf642c789a96f2768e86c6b508ccad
SHA1 hash: 722ae65dc00c9371e3bfe541bc9f41bac990ac9a
MD5 hash: e0ee6340f6a8fcb59c50b4377a8d13d1
humanhash: oregon-missouri-failed-purple
File name:Fiche d'information.scr
Download: download sample
Signature GuLoader
Create hunting rule
File size:217'616 bytes
First seen:2020-05-05 09:22:51 UTC
Last seen:2020-05-11 20:38:02 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash e8cbbf16c2264c24efd1f238f2232e45 (1 x GuLoader)
ssdeep 1536:HP1tCkiuRPRsvD7j8XLP4uG8PtxtK5rk9LXano16FQVtdYpWThpQtpP:HPCkDRIfAXDP1P4GLXH8G3cH
Threatray 166 similar samples on MalwareBazaar
TLSH 8B24E5496E708463D62406B05ADEEB26C6147EF8E9D6CA5F7540B71BBE323C215B303E
Reporter c_APT_ure
Tags:GuLoader

Code Signing Certificate

Organisation:Microsoft Windows
Issuer:Microsoft Windows Production PCA 2011
Algorithm:sha256WithRSAEncryption
Valid from:Jul 3 20:45:50 2018 GMT
Valid to:Jul 26 20:45:50 2019 GMT
Serial number: 33000001C422B2F79B793DACB20000000001C4
Intelligence: 6 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 9B8FDF4D32972E0F17A78A6DD24B418C7B888C89CD0AAC350BBA0F7F5C3190A3
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
2
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-22 23:45:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1d67c5b17b0115be9c9213910f41e052d520c7f86a5b9373f145f8c5f2ded8e4
GuLoader
1ede635c9e8e470e911dc46b40300cd2e794703cedd0f5487d9677244864741f
GuLoader
1f93e9ec506b2df6670b01905f5c42e05d7c2b4dbf44e37d82ee8050528d961d
GuLoader
3e9112b343c87d170c86000f87788f3a19422e24ca9bb3681d9ea83fe513e5f5
GuLoader
44cac425f9daa34c012650bb145870ee3df2d1f5a87da9d58d20539ad8f51f10
GuLoader
77aa8e597d8c1b23af6c98a85e717edde17106fdb806ceadc6cedef510b9e7c8
GuLoader
8eaeb42b2536dc0cd96ce7b42cecdb5f7097341ee68c73f960e5a426a7f83f04
GuLoader
c37ae1ed1bf166c96faa73db4544f415c2b81f0a42ccd5311e0aabc0b9e4f455
GuLoader
f1e6db23f71358086c0a6d54602989535e6c25309d92af9f0db056d4a372fe8e
GuLoader
f5b55fe9b33435e6a2053e16b843b5e89f3f4f3c8dfaf778386f2896b5ec4b7d
GuLoader
+ 156 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-t8r48lkwee/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 45a92acd42405ff1ece0e1cb3a8a4f5744ef52d1b2ffba9e8b454f0a5ae98a06

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments