MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 814e2c04eb5851c9624cf3b0871932e22f99f0b3cbb9b22d987829cb05779e37. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 814e2c04eb5851c9624cf3b0871932e22f99f0b3cbb9b22d987829cb05779e37
SHA3-384 hash: 86e2d72246b4e8df0088ac2d2546917fbc6ed1feb946764fa040c1bd72079dfc8f00e605ec4dede4fbc35f85881cf209
SHA1 hash: 3ee3f614e2bca0cba4888660ebf2f84803ee63f3
MD5 hash: aeaf37fc89639b5269282feaa57c6857
humanhash: social-cat-blue-tango
File name: w.exe
Signature: GuLoader
File size: 110'592 bytes
First seen: 2020-05-25 14:44:59 UTC
Last seen: 2020-05-25 16:12:04 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 2bc804bc4d0d1582dc5944ecea307367 (1 x GuLoader)
ssdeep: 1536:VDbn/uY0mVQxkqsKFX4YbC8v6H5xTDOcY8OGA:VDbnJqkqsk4Ye8v6HneZ
Threatray: 129 similar samples on MalwareBazaar
TLSH: 5DB3B503B9CDFCA1EC171EB05FD289B90D67BD2AAC414B03748EBF0D29366855FA5216
Reporter: James_inthe_box
Tags: exe GuLoader

Intelligence


File Origin
# of uploads: 2
# of downloads: 72
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vbkrypt
Status: Malicious
First seen: 2020-05-25 14:44:52 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 24 of 31 (77.42%)
Threat level: 2/5
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
