MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 d3a0f59483985809d83304d2336cd23554c8bca976adcb1008cdd529a1e342ee. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
GuLoader
Vendor detections: 3
| SHA256 hash: | d3a0f59483985809d83304d2336cd23554c8bca976adcb1008cdd529a1e342ee |
|---|---|
| SHA3-384 hash: | 692862591a334f9c62c4537f004cffee5944dfd5e3821b816d50afdda2da00bb3eeb68226b8d7715e049df24eda5ab5d |
| SHA1 hash: | 5d027c4627260f5b0b5a64fee71f7488985cd5f9 |
| MD5 hash: | 27880d402bb359e126b92c1bc8f33759 |
| humanhash: | hamper-maryland-michigan-sweet |
| File name: | Documents-DHL950446602.pdf.bat |
| Download: | download sample |
| Signature | GuLoader |
| File size: | 114'688 bytes |
| First seen: | 2020-05-27 12:48:27 UTC |
| Last seen: | 2020-05-27 14:13:21 UTC |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | f744ef885fc1ad8547023f4d1416a9b3 (2 x GuLoader) |
| ssdeep | 768:2IZRhQqElAEke9SEjLf9uiKW8N1SRfxC99KodvMYO2ha5iWzUhH7URgu9NyJZyiU:BnyqJEketjJu9WxE9wodZakf97/u9fF |
| Threatray | 353 similar samples on MalwareBazaar |
| TLSH | FBB3F91375F48DB1EC609FB20D728AA61D32BE6569104F577108FF5E1A367CA2EB031A |
| Reporter |  abuse_ch |
| Tags: | bat DHL GuLoader |
abuse_ch
Malspam distributing GuLoader:HELO: aa98419.online-server.cloud
Sending IP: 74.208.129.40
From: billing <billing.expressec@dhl.com>
Subject: New Shipment Documents-DHL950446602
Attachment: Documents-DHL950446602.pdf.gz (contains "Documents-DHL950446602.pdf.bat")
GuLoader payload URL:
https://drive.google.com/uc?export=download&id=16LVpHzxPcMwrQgw96jSkpZ7llrG2Gl7K
Intelligence
File Origin
# of uploads :
2
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Gathering data
Threat name:
Win32.Trojan.Injector
Status:
Malicious
First seen:
2020-05-27 07:25:53 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
19 of 30 (63.33%)
Threat level:
5/5
Verdict:
malicious
Label(s):
guloader
Similar samples:
+ 343 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
5/10
Tags:
n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
Delivery method
Distributed via e-mail attachment
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.