MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 08f59cb5340816b5afedf0d408257ca81d4188622eb7876756bc731ff1652231. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SHA256 hash: 08f59cb5340816b5afedf0d408257ca81d4188622eb7876756bc731ff1652231
SHA1 hash: d99e3e1306fcde0fd53ba6136f2dfcb6a6589353
MD5 hash: e352f57a7bd8b1378c7a6caed435e341
File name: file.lzh
Signature: GuLoader
File size: 23'101 bytes
First seen: 2020-05-22 09:49:39 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 384:JxCcbg/dvZdX5BSURYNHQMR9ikkiZMOg1Na7BD04H4EWiKhxCgzJOvaElrAutXor:a/P4UWFQMR9qOgux04YEWiYCgt+aUY+C
TLSH: 67A2E130ADAF89D09333D3625839A45E3BD05C763F9298DB54F3007268D8451BEBE61E
Reporter: @abuse_ch
Tags: geo GuLoader KOR lzh

Malspam distributing GuLoader:

Sending IP:
From: UTITECH <>
Subject: 유티아이테크-발주서 송부의건
Attachment: file.lzh (contains "file.exe")

GuLoader payload URL:


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 19
Origin country: US
ClamAV: No detection
VirusTotal: Virustotal results 6.56%
ReversingLabs: No data

File information

The table below shows additional information about this malware sample such as delivery method and external references.



rar 08f59cb5340816b5afedf0d408257ca81d4188622eb7876756bc731ff1652231 (this sample)

Delivery method: Distributed via e-mail attachment