MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1da069d39e2e88c624698760567c4019ca2de990b05c429be843355a0531b51a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1da069d39e2e88c624698760567c4019ca2de990b05c429be843355a0531b51a
SHA3-384 hash: d4a2dba919fd3a5a01be4cb45733dd7677fdf89b9d6c69455f7e06eaf5495aa63a62385fde5bf00d05835a3ebef64718
SHA1 hash: 33286e69423b09e634fc9126863800e4912de0bd
MD5 hash: 3cb820bce8aef98a7e6299b86cb20091
humanhash: wolfram-tango-papa-hotel
File name:o.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-05-25 14:46:33 UTC
Last seen:2020-05-25 16:11:55 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash febd086b3f12936528271937cac86c8a (1 x GuLoader)
ssdeep 1536:fICrYlTPK6aaCgNLwvojWw0Ey70MlhhCxo4shRCtY6BDhLYmLV:wZV5Pzo4wRCtY6Bh
Threatray 238 similar samples on MalwareBazaar
TLSH 2BB3E603B6D8BC93ED1A2EB18FD199640DA6BE291C111F07B18BB70E25771911FE436D
Reporter James_inthe_box
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5584/
Detection(s):
SecuriteInfo.com.Win32.Injector.EMCN.30951.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 14:46:26 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
16 of 31 (51.61%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
28dfc81c0660d22a889fa79cf30b0698e1f4c78a6693c277931868b67b29646e
GuLoader
2b44eaee1eb9f472580e06b30bc5eba6f513905abe768229ba6290bd1e4da1a5
GuLoader
50a5970afc0a5e55eb16da4d20a7f2ab4af3386d58751b276583aad18969ccac
GuLoader
6327c2d28925dd4680b13585501e34181fc4beefaeb08040d1c10fc91a16f0a3
GuLoader
b4e68cc1125476baac15e128b8e5daacbe857a05c525da252348ba0844ecca83
GuLoader
b5e4950f8979f18ad063f3df3fb483aa88273271254201dbc0e5241b7713edc2
GuLoader
d3aa9fd1ed4af3cc3a49e612b93a03f799ada340c1c086f7403448fe77115bb1
GuLoader
dcafd8ba263cf7e448be257a8d25c968a0060908f93f9d02a068bb0dd482879f
GuLoader
e661bc38b20992b846232fd3d6cbe914bb46ae68b39ce7e7a348be2ba5261851
GuLoader
fcaa4b93dbdb7ca43dab06e0afb63117ca21a864f7ccf6f6eb7a4581ded48464
GuLoader
+ 228 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-1d4tp3t9bj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/5584/

Comments