MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 fd7bda28f57ed8bfdacb013a3ed294e574a39c4eecf7d0a1acf5a8299db69753. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
GuLoader
Vendor detections: 4
| SHA256 hash: | fd7bda28f57ed8bfdacb013a3ed294e574a39c4eecf7d0a1acf5a8299db69753 |
|---|---|
| SHA3-384 hash: | c1af7ee0a6060b30414ccfd64698b0f1da66969b565b232e12a28681003956ac22765c0e024defe82b340fd3d2b40aa9 |
| SHA1 hash: | b61c53a8e0ecc6a32627caa591fd949722e250f0 |
| MD5 hash: | 0fb7d7f5f53af85648141bd175be4876 |
| humanhash: | neptune-quiet-kansas-earth |
| File name: | Required Materials & Equipments For Yas Island Construction & Development Phase 3(Package 1).com |
| Download: | download sample |
| Signature | GuLoader |
| File size: | 94'208 bytes |
| First seen: | 2020-06-02 11:17:35 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | d1740837e7c22bde30a14bd647510df3 (1 x GuLoader) |
| ssdeep | 1536:vLgFO8lLTFKd8F9BhW8CLzwKQwdIy/XGBzRV1:QsW9S8kzwPtT |
| Threatray | 5'116 similar samples on MalwareBazaar |
| TLSH | 0B9308036AD44601F1B24B706EB783996F25BC1A4D429A4F754D1E4B7B31B62ACAC33F |
| Reporter |  abuse_ch |
| Tags: | com GuLoader |
abuse_ch
Malspam distributing GuLoader:HELO: mailmarketingworldpad.live
Sending IP: 106.75.36.102
From: Shahabas Parol <sales@mailmarketingworldpad.live>
Reply-To: Shahabas Parol <office.rep@mail.ru>
Subject: Revised Quote: YAS ISLAND CONSTRUTION & DEVELOPMENT PHASE 3 - RESIDENTIAL, INDUSTRIAL, COMMERCIAL LAYOUTS & INFRASTRUCTURES (Package 1)
Attachment: Required Materials Equipments For Yas Island Construction Development Phase 3Package 1.rar (contains "Required Materials & Equipments For Yas Island Construction & Development Phase 3(Package 1).com")
GuLoader payload URL:
https://onedrive.live.com/download?cid=B3805920E5EB0711&resid=B3805920E5EB0711%21110&authkey=AMGUwqqdxoeah50
Intelligence
File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Gathering data
Threat name:
Win32.Trojan.Vbkrypt
Status:
Malicious
First seen:
2020-06-02 11:37:54 UTC
AV detection:
22 of 48 (45.83%)
Threat level:
5/5
Detection(s):
Malicious file
Verdict:
malicious
Label(s):
guloader
Similar samples:
+ 5'106 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
5/10
Tags:
n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
Delivery method
Distributed via e-mail attachment
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.