MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 314c3caa4b1a6ccb17a7348cdf0ac7577a6ccc595a4d6cc0f9abcde2befc58d0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SHA256 hash: 314c3caa4b1a6ccb17a7348cdf0ac7577a6ccc595a4d6cc0f9abcde2befc58d0
SHA1 hash: b359f2c63364264896fa7a49367daf7879803eb1
MD5 hash: d1da99d9f2d055e18f05e121f44883e1
File name: Detalles del pago.pdf.bat
Signature: GuLoader
File size: 94'208 bytes
First seen: 2020-05-23 11:53:07 UTC
Last seen: 2020-05-23 13:13:08 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: a2dfe4eb0644a1cd452aba3a2ea2c7b1
ssdeep: 768:A5op+N6/5vp2Y8xf/7Je71vbXwWTcivZX1rJnHv8MroWgD+7s:coEe4FA1vbX3wivPtHjBgn
TLSH: 67930A61F060D9F5ED218FF29A3A96E058AB6C3119128B0370DDBB1C3D7370DAA5635B
Reporter: @abuse_ch
Tags: bat GuLoader

Malspam distributing GuLoader:

Sending IP:
From: Coreptec S.A. Christian Naranjo <>
Reply-To: Coreptec S.A. Christian Naranjo <>, Coreptec S.A. Christian Naranjo <>, Coreptec S.A. Christian Naranjo <>
Subject: Re: PAGO ATRÁS DEVUELTO TT (Ref 0180066743)
Attachment: Detalles del pago.pdf.gz (contains "Detalles del pago.pdf.bat")

GuLoader payload URL:


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 2
# of downloads: 22
Origin country: US
VirusTotal: VirusTotal results 12.68%

File information

The table below shows additional information about this malware sample such as delivery method and external references.



Executable exe 314c3caa4b1a6ccb17a7348cdf0ac7577a6ccc595a4d6cc0f9abcde2befc58d0 (this sample)

Delivery method: Distributed via e-mail attachment