MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d68f000de2f2dd32bdebb6b810d3d441c5d05de1d11eba965dc2d4ade0768e50. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: d68f000de2f2dd32bdebb6b810d3d441c5d05de1d11eba965dc2d4ade0768e50
SHA3-384 hash: 71ffef5519c63a99a3f45ff3208ee354ac73cd740d13e142d90bddb75dba28bb3c82bdd8bf8079666b64237bfe15379c
SHA1 hash: f29522a90a9c8677409c38195dea5ba62faaa2e0
MD5 hash: 1306a1c5d30d9f3b5be7b1da9688ea97
humanhash: papa-autumn-florida-pennsylvania
File name: Purchase Order Ref AIGNEP180520.PDF.pif
Signature: GuLoader
File size: 167'936 bytes
First seen: 2020-05-18 19:56:58 UTC
Last seen: 2020-05-18 20:37:24 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 062158a580bb7b2299f1be8472c665a9 (1 x GuLoader)
ssdeep: 1536:MbVBCBInicTDDx9Nla9cG94/hGpHuECRUNb5LeuXpq3oAQUd9n4:+VB+xw93o9mkNCad5LeC+a
Threatray: 873 similar samples on MalwareBazaar
TLSH: FDF36B22F285EA06C9724ABE8A5986F500266D718E61C90B79C47F0F39F194BD7F0373
Reporter: cocaman
Tags: GuLoader pif

Intelligence


File Origin
# of uploads: 2
# of downloads: 81
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-18 15:15:26 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 22 of 30 (73.33%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
GuLoader
Executable exe d68f000de2f2dd32bdebb6b810d3d441c5d05de1d11eba965dc2d4ade0768e50 (this sample)
Delivery method: Other

Comments