MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a01fab213d5638b27a184eafedc18fbf43ef0dcd608e70bcd0ead3c506104611. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4



SHA256 hash: a01fab213d5638b27a184eafedc18fbf43ef0dcd608e70bcd0ead3c506104611
SHA3-384 hash: b94419bd35dcfcc01917078fd6ef6102836df46847b7719af8083070620db2826c2b3d474ffef248db782eceee6bd2c3
SHA1 hash: e91814bd077c1fd5b9e95d1bb36764549bb76e93
MD5 hash: 2a8a39efda873c294da01bec5afc3bd3
humanhash: steak-november-foxtrot-july
File name: DHL CARGO ARRIVAL.exe
Signature: GuLoader
File size: 102'400 bytes
First seen: 2020-05-20 13:51:43 UTC
Last seen: 2020-05-20 15:07:25 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 12cd874c03af08774092c98b05e14456 (1 x GuLoader)
ssdeep: 768:A4wdfSYqMskklIHOGTtmrDVZT5hpYgDOH/KQkPavth7CbKeZ1kwE0U9sX5KG0L15:kdKYqMxkloOtZ/DSKQtv/2W9sXGz
Threatray: 316 similar samples on MalwareBazaar
TLSH: D2A32961F6E5DCA1CA20C6FC2E304AA8168BFC388535CA0F78C67A2D48F7951E57535B
Reporter: James_inthe_box
Tags: exe GuLoader

Intelligence

File Origin
# of uploads: 2
# of downloads: 195
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-20 07:04:00 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 21 of 31 (67.74%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour:
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other