MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 04e3c79bdcdc18cb3f7a7aa37ff10534fcd33eebfed20d65b71435fce06986be. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
GuLoader
Vendor detections: 4
| SHA256 hash: | 04e3c79bdcdc18cb3f7a7aa37ff10534fcd33eebfed20d65b71435fce06986be |
|---|---|
| SHA3-384 hash: | 08c305e9008c8b4f4237380cdfef084890123608cb6bcc90e26810704d003abf3da4e8141d0aec42016f0d98cc08f243 |
| SHA1 hash: | 0c5e4e7b4622990d521c41f2547a3f534626c93b |
| MD5 hash: | 116aab2823e0cce6fa37e997c566e919 |
| humanhash: | item-cat-sad-tennessee |
| File name: | WT_quote.exe |
| Download: | download sample |
| Signature | GuLoader |
| File size: | 110'592 bytes |
| First seen: | 2020-06-03 13:04:44 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | 9b51b9645bd6a6da5878d40c35923a6a (1 x GuLoader) |
| ssdeep | 1536:/8SPfxV40t8K1X1lH7BkgrKHxLdGKc+o0FDHdZ1gIDsIAUxjFDm00gDYo:/9PXt3bKVdhjFD9znTigDYo |
| Threatray | 852 similar samples on MalwareBazaar |
| TLSH | 8EB37B03ED4D8653C1444BBD3D178EBA3B0DA80D0E405BEFB5396E9BAE762521CA711E |
| Reporter |  abuse_ch |
| Tags: | exe geo GuLoader KOR |
abuse_ch
Malspam distributing GuLoader:HELO: mail-smail-vm51.hanmail.net
Sending IP: 203.133.180.239
From: 비 엘 두 주 식 회 사 <dayong92@hanmail.net>
Subject: 견적용입니다 긴급으로 견적만 주세요
Attachment: 2020 06 03.iso (contains "WT_quote.exe")
GuLoader payload URL:
http://ekenefb34logs.webredirect.org/uploud/5bab0b1d864615bab0b1d864b3/wj1_tIaUf126.bin
Intelligence
File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Detection(s):
Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Status:
Malicious
First seen:
2020-06-03 10:36:01 UTC
AV detection:
19 of 31 (61.29%)
Threat level:
2/5
Detection(s):
Malicious file
Verdict:
malicious
Label(s):
guloader
Similar samples:
+ 842 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
5/10
Tags:
n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
Delivery method
Distributed via e-mail attachment
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.