MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0e160494a796043c9591b63d31e654c1c04a96bb35791b82cbd0d1827fe9bffb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0e160494a796043c9591b63d31e654c1c04a96bb35791b82cbd0d1827fe9bffb
SHA3-384 hash: a606268a85271aa745c56129a54f9d64ff48d8ef226862b3226ac0c1e8f47fc44fe043b2ad668047a7cc1b15638b8391
SHA1 hash: 4354e533348e8017df432912ae1af97e054ad5d2
MD5 hash: f4e971d73aae6eb4e20f8ef613c5b88c
humanhash: maine-sodium-king-nevada
File name:_DHL RECEIPT.DOC.PDF.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-05-05 06:06:49 UTC
Last seen:2020-05-05 06:48:07 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash e5c20553fde1b8be248a1242981df4f5 (1 x GuLoader)
ssdeep 1536:NIUDdBlcF5QJiYz1eO0h1J9Zuzhd97h+NHi24dIPCHAU63:2UzSFeGDJ9Zuzhd97huudgCp63
Threatray 240 similar samples on MalwareBazaar
TLSH 23B341405EA5FD1AE8A93AF1C725F09DCB806D35A874722BBAC1714E5F394819F3072B
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
99
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Win32.Injector.ELTU.2876.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-05 01:53:21 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=bylajffhsycdzfmrwy6tdzsuyhaevfv3gv4rxawl2diye77jx75q._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0573d56a84aac658edac1e93d08390c1a8378ed2d801b2460ac89a8ef643eb7d
GuLoader
17ddc83d49b6cd1d511e8c5498c44d8b4bdbbb69b13011a180f8bded117ff2f7
GuLoader
455c21fbac342659cd4b5cc162772117cce60f6b59f04dba0dd4327868a428eb
GuLoader
5bbdd845eeb4c298a4edd8f578f4a832086559391ccb2e6e8b50b8c3c10b7fec
GuLoader
a50c5d39fc21ccc51d78d76bbec723414f505f40a56961ac00b567ba0d5bda36
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
b715ce2fa69bc8384df1a4137b50bc30e05c0f3f557fe8608635744543b9976d
GuLoader
b7a306bd407cca438202bfb3b92abff60f959418c7fd129487a6510554ff5706
GuLoader
ca755b8915cb1025b4b5748e12cd7d3cbdccbcf90fd5986c911b066043d6d136
GuLoader
e7f1b2d2601e9a6427a155a3599614c09c9edaae7eb8f10b81e1f3e117717157
GuLoader
+ 230 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-44lvh8vqva/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments