MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 26b47dc955792b7529da974b3309f05c5f6009756eca6f04357c7dad2887baae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: 26b47dc955792b7529da974b3309f05c5f6009756eca6f04357c7dad2887baae
SHA3-384 hash: c420e9b1d3fd86c5e1386a5e7af81a72e58277d7ba610ecb82afa76d12e6bf2c52656cbf2fa01410bedf9464e4ff588d
SHA1 hash: da7abb3610bc9d3c646566e0de2f0f0b89ea6d18
MD5 hash: 3c410af20a6db4097402dd1185934c18
humanhash: glucose-river-mirror-carpet
File name: d.jpeg
Signature: GuLoader
File size: 98'304 bytes
First seen: 2020-05-21 05:55:48 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 4c3db330ec3701beb35758334bc762bf (1 x GuLoader)
ssdeep: 768:5moxgw9DYMbtOJ/A7A6tHQ50cynwWfwMME80smom1NVSpFBLGVC8:LZBtSm7tH7cOwWfwCZ1WUVJ
Threatray: 188 similar samples on MalwareBazaar
TLSH: B2A33A30F184EC7AD50891FE1EA64A28A21FFD350A21CA47F4CBBB1C15FA9D2E435756
Reporter: cocaman
Tags: GuLoader jpeg

Intelligence


File Origin
# of uploads: 1
# of downloads: 132
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-21 06:27:52 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 25 of 30 (83.33%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments