MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 473f59e503b660f8b9cd8f4a36f955f59cc9b0ee19dec2570d9a907c22df1907. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	473f59e503b660f8b9cd8f4a36f955f59cc9b0ee19dec2570d9a907c22df1907
SHA3-384 hash:	aca0d21ce9aaa9f608257c9dbd6cf6afc3338cfb732253f68fd28bd081bdb13c6f154751f5fa8031efc800b26cb8f5be
SHA1 hash:	c1415064442248a7656c5a559d626c5d056d9e70
MD5 hash:	052bb31bfcf0d9b4df3013f5175342b0
humanhash:	utah-thirteen-happy-neptune
File name:	Misprizalb.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	98'304 bytes
First seen:	2020-05-04 04:49:11 UTC
Last seen:	2020-05-04 13:55:45 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	2d641e3afa0690e071b05cb45cd8fe9f (1 x GuLoader)
ssdeep	768:Jqc3e7VMFKrF+/v3UYQdkXaXjjamdkgdda7SdBFtqC0AAn2uWVK3fKYfu9V0dIly:s7KF5/vEZHB3qOK2fCb5My
Threatray	184 similar samples on MalwareBazaar
TLSH	A9A3C752B7D4920BF62556B21BA8D6E44062FD39AC511A073EC4772F3E32E05FA5233B
Reporter	cocaman
Tags:	exe GuLoader

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.DownLoader33.38732.21162.10597.UNOFFICIAL

Win.Malware.Generic-7751004-0

Gathering data

Threat name:

Win32.Trojan.Dynamer

Status:

Malicious

First seen:

2020-05-03 23:09:36 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

25 of 31 (80.65%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=i47vtzidwzqproonr5fdn6kv6womtmhodhpmevyntkihyiw7dedq._file

Verdict:

malicious

Label(s):

guloader

Result

Malware family:

n/a

Score:

7/10

Tags:

n/a

Link:

https://tria.ge/reports/201109-ww9vhtvt96/

Behaviour

Suspicious use of SetWindowsHookEx

Suspicious use of NtSetInformationThreadHideFromDebugger

Checks QEMU agent state file

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

7z a5785a5c457cbb9ea804860f360d79b46c6f5bafa472229b7e1fdef13433161a

GuLoader

exe 473f59e503b660f8b9cd8f4a36f955f59cc9b0ee19dec2570d9a907c22df1907

(this sample)

Delivery method

Other

Dropped by

SHA256 a5785a5c457cbb9ea804860f360d79b46c6f5bafa472229b7e1fdef13433161a

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample