MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0cdc0a4469c22227858ca71d5cf42fb67c1d3bceff07cdc5ae907c08882e4c45. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SHA256 hash: 0cdc0a4469c22227858ca71d5cf42fb67c1d3bceff07cdc5ae907c08882e4c45
SHA1 hash: 5b783833d49344c4bf8e0611743c2054c5b1f669
MD5 hash: 7a49343560a52bb59b1e52072e0106ff
File name: file.exe
Signature: GuLoader
File size: 143'360 bytes
First seen: 2020-05-22 10:00:52 UTC
Last seen: 2020-05-22 10:51:46 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 62098d28089d223b071f09149ed22d13
ssdeep: 1536:dD9t/G4VMqTK179HpAoTv2ouuZNY8SSSSSSSSSWNtLV:B7/HVMpTZZP
TLSH: AAE3D75DF729ACE0EE1246B52C308E567F17BC3264A90E9F2684361A5C372435CBBD4B
Reporter: @abuse_ch
Tags: exe geo GuLoader KOR

Malspam distributing GuLoader:

Sending IP:
From: youngkyu_lim <>
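Subject: 공고: 코오롱글로텍 대표자 변경의 건 [천안공장](계산서,거래명세표 대표자 변경 요청) (English: "Notice: Change of representative at Kolon Glotech [Cheonan Plant] (request to change the representative on invoices and transaction statements)")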
Attachment: New Business Registration Certificate Scanned (contains "file.exe")

GuLoader payload URL:


Mail intelligence
Trap location: Global
Impact: Low

# of uploads: 2
# of downloads: 26
Origin country: FR
VirusTotal: Virustotal results 36.62%
ReversingLabs: No data

File information

The table below shows additional information about this malware sample such as delivery method and external references.



Executable exe 0cdc0a4469c22227858ca71d5cf42fb67c1d3bceff07cdc5ae907c08882e4c45 (this sample)

Delivery method: Distributed via e-mail attachment