MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7fda87ee7ea129f8263c57c5f9d4ed2db3221a067ad0d3dee0a1918d4be96b94. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4



SHA256 hash: 7fda87ee7ea129f8263c57c5f9d4ed2db3221a067ad0d3dee0a1918d4be96b94
SHA3-384 hash: dc14ea96ea14e4e6fa1e55409ec2628a8c51f1b4265038bcc40177f2dcfbed51dd1024a07cd787760abfc5c8ea415b6c
SHA1 hash: a4dcff8ea34a01f1ec5acbd651a2e377a71e4ce9
MD5 hash: 90bf5ec34270bf325ca2c26951a82e1e
humanhash: seven-ink-colorado-ack
File name: 90bf5ec34270bf325ca2c26951a82e1e.exe
Signature: GuLoader
File size: 90'112 bytes
First seen: 2020-05-05 13:18:12 UTC
Last seen: 2020-05-05 14:52:52 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 61efc8b83230b3e99f479c7e73817bbb (1 x GuLoader)
ssdeep: 1536:rlX6V+5gZdZUKoLOUPeA4YquXoC9Cd+Q:djqQO649n
Threatray: 126 similar samples on MalwareBazaar
TLSH: E493E7256EB4EC26E31475B1EB66F6AED716BC301835580B20C53A1E1F36E428D3536E
Reporter: abuse_ch
Tags: exe, GuLoader

Intelligence

File Origin
# of uploads: 2
# of downloads: 101
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-05 13:35:42 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 22 of 31 (70.97%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: n/a

Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: GuLoader
Sample: Executable exe 7fda87ee7ea129f8263c57c5f9d4ed2db3221a067ad0d3dee0a1918d4be96b94 (this sample)

Delivery method
Distributed via web download
