MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6a5303bb0ea9067e348cb7bee1db4740682b5a3e37822d09d9b80783f64a5569. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6a5303bb0ea9067e348cb7bee1db4740682b5a3e37822d09d9b80783f64a5569
SHA3-384 hash: ae12d9442361bd8a9dd4d43ea003a9785de0837a9af9b1c6f2f3af12a8c09442c345bc1bbc158a0886c8e3c28f91bc6d
SHA1 hash: 18e098ad8e005a8b20d805fe4e6c196cdfa4b2b5
MD5 hash: 4637107a1e08a7b7c2d9765b0bd21273
humanhash: hot-mirror-queen-ink
File name:DHL-Airway Bill Number 38178020740.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:184'320 bytes
First seen:2020-05-18 13:32:18 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f64be3a34b305aca3870198a09232db7 (1 x GuLoader)
ssdeep 1536:e2X7bNxPd5pBHPKiT/YaFbRxhpDrrIQfdWhxMUKA+V5TBscwbygdF+F1BHox8EAD:e87J5fHPKKFNxhtIydWhwBkSWcil0
Threatray 138 similar samples on MalwareBazaar
TLSH FF045B22F5D5AE46D621483ECFE1C6B95116BDB04E11C907B2853F6F3AF6A02E631327
Reporter James_inthe_box
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-18 06:06:13 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
04a9ddb426b6bc9febd1f0fdf436cde01976a37b8c99fbbabbd0076ac4a0be92
GuLoader
0b3b7b1bf71efff25e6e6f4b1c0ff68c4505d76e82442d335790d3cfd2ded73a
GuLoader
34e142c3ca75844c48639cfc8f60513d23c02a65addef3bce69f5b49b34277a1
GuLoader
5b5eab7a12fdfc6cc39e39193b7a9020ee46e72acac70033236ef9b6b2da32c7
GuLoader
5bf4e8074d911d75b85de2575920e22caab1e365640c013138b0ad856e2a972e
GuLoader
83c07662096e054ff35d85892e828e2f4127015e0d940e88c3c0cf30ac655bc7
GuLoader
950dc12698f157604f4788b9702ac05a737486bd2facf5ad4afa22980bcc27d4
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
b833d79953fe177a48a5832ce2606c41d00f0d5b9bd31ceb25d3055a3850c2f7
GuLoader
dd2348afaca2101fe4898391119d36e17ffe915efe10187d2085b06cbc8e1a12
GuLoader
+ 128 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-z9x7wn1g9n/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments