MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fdfc7684865596ff802669590f077277385119144e11e6a1827910c39b0d5731. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: fdfc7684865596ff802669590f077277385119144e11e6a1827910c39b0d5731
SHA3-384 hash: 271019fc51eb748ba71d2a60a8c91a2eba019db8c0fbfcdf721985083a789a7cbb1a34e57a4009abeb189a96e75eca44
SHA1 hash: e0a32b0a281f9ec91ddff073124fee24b9a6a954
MD5 hash: 1baec96d4ee28e1ef9beada7d0b1fca0
humanhash: floor-nine-london-table
File name: 14052020.exe
Signature: GuLoader
File size: 180'224 bytes
First seen: 2020-05-18 13:33:18 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: a08265bfd0c71af1080748698e3d8c86 (1 x GuLoader)
ssdeep: 1536:RX72w3Byx62A/Pv5W1FIgGcRG1O3758jMf7xq1FWFqyYqaxkL2KzOi5bcZ:V7FBq7u5W1FmcRG4Jjxq1FIafkLqi58
Threatray: 714 similar samples on MalwareBazaar
TLSH: 3C046D62F5D0AE07DB214D3E9BD58AB88116BDB04E11CD0771463F9F3AF6A06A23171B
Reporter: James_inthe_box
Tags: exe GuLoader

Intelligence


File Origin
# of uploads: 1
# of downloads: 91
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-18 13:33:06 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 21 of 30 (70.00%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other

Comments