MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0e160494a796043c9591b63d31e654c1c04a96bb35791b82cbd0d1827fe9bffb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

SHA256 hash: 0e160494a796043c9591b63d31e654c1c04a96bb35791b82cbd0d1827fe9bffb
SHA3-384 hash: a606268a85271aa745c56129a54f9d64ff48d8ef226862b3226ac0c1e8f47fc44fe043b2ad668047a7cc1b15638b8391
SHA1 hash: 4354e533348e8017df432912ae1af97e054ad5d2
MD5 hash: f4e971d73aae6eb4e20f8ef613c5b88c
humanhash: maine-sodium-king-nevada
File name: _DHL RECEIPT.DOC.PDF.exe
Signature: GuLoader
File size: 110'592 bytes
First seen: 2020-05-05 06:06:49 UTC
Last seen: 2020-05-05 06:48:07 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: e5c20553fde1b8be248a1242981df4f5 (1 x GuLoader)
ssdeep: 1536:NIUDdBlcF5QJiYz1eO0h1J9Zuzhd97h+NHi24dIPCHAU63:2UzSFeGDJ9Zuzhd97huudgCp63
Threatray: 240 similar samples on MalwareBazaar
TLSH: 23B341405EA5FD1AE8A93AF1C725F09DCB806D35A874722BBAC1714E5F394819F3072B
Reporter: jarumlus
Tags: GuLoader

Intelligence

File Origin
# of uploads: 2
# of downloads: 99
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-05 01:53:21 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 23 of 31 (74.19%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: n/a

Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments