MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 01e45e2c243f5384661dab978cc7435346bda61223b5c921cdd079ed44210387. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 01e45e2c243f5384661dab978cc7435346bda61223b5c921cdd079ed44210387
SHA3-384 hash: 17d85614f261cac04efc2c080abdcd56eed504fe2b20f9a9f96ab43b3d04cd020624b2d87c4d2cd5749514a30bcbfb3a
SHA1 hash: 56f5b4272cb1197e089be738bc920a26b06a0acc
MD5 hash: ac61ea9bb4d07d64562d6d25065f487c
humanhash: hawaii-burger-delaware-item
File name: oriwork.exe
Signature: GuLoader
File size: 86'016 bytes
First seen: 2020-05-09 15:21:19 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: ce0cb0cf0e0c7754f05cdb5a07e57f5f (1 x GuLoader)
ssdeep: 768:Yb29OTB5s9Ny/Go04OnSSgs5mzbPgFWqqQFFqTyNPxGtL6QuWNG:u29kfGorMSSgCmzbXq3tCL6Th
Threatray: 274 similar samples on MalwareBazaar
TLSH: 4B831902FDB8EC32DA10B6B1E751FA9FC35AAD301A359907548536191F37E12AD3236E
Reporter: JoulK
Tags: exe GuLoader

Intelligence


File Origin
# of uploads: 1
# of downloads: 97
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-09 20:20:31 UTC
File Type: PE (Exe)
Extracted files: 2
AV detection: 21 of 31 (67.74%)
Threat level: 2/5
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments