MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2b551d98f7cfab5065bab4df3eae19af497e729a5dbe63655a8527988fb28ca1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Intelligence 1 File information 4 Yara Comments

SHA256 hash: 2b551d98f7cfab5065bab4df3eae19af497e729a5dbe63655a8527988fb28ca1
SHA1 hash: ce390de81db82dc35b8eb675257de94fa5be3f72
MD5 hash: cd02e269190b5f70b49b03de928b315e
File name:order 52242020.pdf.exe
Download: download sample
Signature GuLoader
File size:94'208 bytes
First seen:2020-05-22 10:25:03 UTC
Last seen:2020-05-22 10:52:20 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash e6ad31a501b7ebd445e43e3d9e6dbdde
ssdeep 768:Iyabd0qm9ish/3K0Azm0WDYYcNRRVJG2/MNWnya60J3rJ6nwlg:5abajiQ3wVYsVgWyabYnd
TLSH A393182AF644DD66CA750FF06E328B6C046BBC306921CB0375DA3B2D6933A9D9435357
Reporter @abuse_ch
Tags:exe GuLoader

Malspam distributing GuLoader:

Sending IP:
From: Evangelos Fasilis <>
Subject: Re:New Order
Attachment: order 52242020.arj (contains "order 52242020.pdf.exe")

GuLoader payload URL:


Mail intelligence
Trap location Impact
Global Low
# of uploads 2
# of downloads 27
Origin country FR FR
ClamAV PUA.Win.Packer.ProtectSharewar-2
VirusTotal:Virustotal results 17.81%

File information

The table below shows additional information about this malware sample such as delivery method and external references.



Executable exe 2b551d98f7cfab5065bab4df3eae19af497e729a5dbe63655a8527988fb28ca1

(this sample)

Delivery method
Distributed via e-mail attachment