MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 83c07662096e054ff35d85892e828e2f4127015e0d940e88c3c0cf30ac655bc7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
GuLoader
Vendor detections: 3
| SHA256 hash: | 83c07662096e054ff35d85892e828e2f4127015e0d940e88c3c0cf30ac655bc7 |
|---|---|
| SHA3-384 hash: | 71eaa96ff86165aca0858f5e63f095ad1790241d45613110ec3796e623de96a9eb8da660d4540c745efaef43c32e18a4 |
| SHA1 hash: | 8ab7000589a7aac3fe74ef809c896ccba8203690 |
| MD5 hash: | dee8617d13111713a7d434f17a347fb8 |
| humanhash: | lion-pip-chicken-oven |
| File name: | order.exe |
| Download: | download sample |
| Signature | GuLoader |
| File size: | 114'688 bytes |
| First seen: | 2020-05-27 17:27:18 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | 7aeb24e65d2ff4e843ad9283b35ec0ad (1 x GuLoader) |
| ssdeep | 768:nw44OPvf6Tnkw7y6AqnSURHpKGHLYsLewaS0sh2pDrRl0TCJZKpJdKclrSAa:wIi7U6AqVgvsB0tJrUCJNT |
| Threatray | 204 similar samples on MalwareBazaar |
| TLSH | 38B3E71376D09CB2E8358FF208729BA55D22BD296D114F077649FF5F3933AC9299032A |
| Reporter |  abuse_ch |
| Tags: | exe GuLoader |
abuse_ch
Malspam distributing GuLoader:HELO: server.ecomotorhk.com
Sending IP: 162.144.56.225
From: Batgerel Odsuren <odsuren.batgerel.me2@eng.nssmc.com>
Reply-To: odsuren.batgerel.me2@eng.nssmc.com
Subject: Request for Quotation of Screw Decanter Centrifuge_CE1 Project/AA167194000000 (Muhan Technical)
Attachment: Request_for_Quotation_Decanter_00223.img (contains "order.exe")
GuLoader payload URL:
http://185.94.191.88/bin_qNQJqzF250.bin
Intelligence
File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Detection(s):
Gathering data
Threat name:
Win32.Trojan.Injector
Status:
Malicious
First seen:
2020-05-27 03:31:05 UTC
AV detection:
21 of 31 (67.74%)
Threat level:
2/5
Verdict:
malicious
Label(s):
guloader
Similar samples:
+ 194 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
5/10
Tags:
n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
Delivery method
Distributed via e-mail attachment
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.