MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 32ee74bb350fbb95edef7aa819cdd3b0ee8cc29f007f9838b667e1ca534a1e40. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	32ee74bb350fbb95edef7aa819cdd3b0ee8cc29f007f9838b667e1ca534a1e40
SHA3-384 hash:	b8b434e77a97159e74cbf1eafa4aac447ef83506dfce11417a5ec08e7030cc2133ac3b67244007d9643d252754becbb9
SHA1 hash:	5907e29143648212f6a121a16e15494c926354ef
MD5 hash:	cbe541a7a1dbdc9df480a460ffcd3e6d
humanhash:	april-island-timing-rugby
File name:	Archaical.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	518'896 bytes
First seen:	2022-09-25 20:42:11 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	e2a592076b17ef8bfb48b7e03965a3fc (388 x GuLoader, 59 x RemcosRAT, 44 x VIPKeylogger)
ssdeep	12288:JqNMEh6PdfgMXe8hqnosH6QH9QoJdpdz897mr5d7h5:+Mld/XthvsHpqYV89iZ5
Threatray	135 similar samples on MalwareBazaar
TLSH	T164B4F01A77F9E866D2641BF49C95CBBD86F4EB441832C20B66F4FE6FB9387526C00241
TrID	48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 16.4% (.EXE) Win64 Executable (generic) (10523/12/4) 10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.8% (.EXE) Win16 NE executable (generic) (5038/12/1) 7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):
dhash icon	62f1b878ecec6c99 (14 x GuLoader)
Reporter	Anonymous
Tags:	exe GuLoader signed

Code Signing Certificate

Organisation:	Tidying Newsletter
Issuer:	Tidying Newsletter
Algorithm:	sha256WithRSAEncryption
Valid from:	2021-12-07T06:42:22Z
Valid to:	2024-12-06T06:42:22Z
Serial number:	49eddb90865649cd
Thumbprint Algorithm:	SHA256
Thumbprint:	713c94b7b19b5457f4d1aa7cea9272f3379e4592fe65dfcf6cd5e050450f6ea1
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

# of downloads :

279

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/313315/

Detection(s):

SecuriteInfo.com.Trojan.Siggen18.46786.10910.15038.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Creating a file in the %AppData% subdirectories

Creating a file in the %temp% subdirectories

Delayed reading of the file

Sending a custom TCP request

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/39076/overview

Behaviour

MalwareBazaar

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

overlay packed shell32.dll

Link:

https://www.filescan.io/uploads/6330bd6173bbffe3a78a68e9/reports/65b1fe70-7769-4de8-8fb0-c3b041478daa/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/a0605ead-cd0d-4210-8bc8-a92a24e5ee67

Result

Threat name:

GuLoader

Detection:

malicious

Classification:

troj.evad

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/1077022

Signature

Multi AV Scanner detection for submitted file

Tries to detect Any.run

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Yara detected GuLoader

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/32ee74bb350fbb95edef7aa819cdd3b0ee8cc29f007f9838b667e1ca534a1e40/

Threat name:

Win32.Trojan.Guloader

Status:

Malicious

First seen:

2022-09-12 01:24:03 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

21 of 26 (80.77%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=glxhjozvb65zl3pppkubttotwdxizqu7ab7zqofwm7q4uu2kdzaa._file

Verdict:

malicious

Label(s):

cloudeye

GuLoader

67012c9555804fbfe82f17ee6d7d09196ed356053e2e778f49a998a4b718d6a6

GuLoader

691b3c73fa3301b9c36de80df0e7aa9d551a87ccc77a04b93786d6f1f5a41969

GuLoader

6e8977c63ed912222192ae6dd049abfa6b3633b1319627e932841d350dfeb1aa

GuLoader

a81759cc686cbbf9946cc49e6bf06907532e57d9ff167e061e3993fb0c0fd1b7

GuLoader

ab2036dc90a503a003ed28e17ed2cf24001848be05580b6246656f88abe01c86

GuLoader

dd39027f02b3a47cb2677440f59575089a0673f134cff175d908be574ebc80ac

GuLoader

dfdedc4060f4944298bcdf25778b7f7eaaef43fdae61238d7debf88825e66294

GuLoader

efc035ff598957f35768f2d84721bbec76633c60538eda9d5ec53092f4384237

GuLoader

+ 125 additional samples on MalwareBazaar

Result

Malware family:

guloader

Score:

10/10

Tags:

family:guloader discovery downloader

Link:

https://tria.ge/reports/220925-zhj7wshcdq/

Behaviour

Enumerates physical storage devices

Checks installed software on the system

Loads dropped DLL

Guloader,Cloudeye

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/2f90be85-e995-4117-92bb-a4fe813be1e5

Unpacked files

SH256 hash:

2e226715419a5882e2e14278940ee8ef0aa648a3ef7af5b3dc252674111962bc

MD5 hash:

a4dd044bcd94e9b3370ccf095b31f896

SHA1 hash:

17c78201323ab2095bc53184aa8267c9187d5173

Link:

https://www.unpac.me/results/f693925d-8f62-424b-a6e3-ab595d334a69/

SH256 hash:

32ee74bb350fbb95edef7aa819cdd3b0ee8cc29f007f9838b667e1ca534a1e40

MD5 hash:

cbe541a7a1dbdc9df480a460ffcd3e6d

SHA1 hash:

5907e29143648212f6a121a16e15494c926354ef

Link:

https://www.unpac.me/results/f693925d-8f62-424b-a6e3-ab595d334a69/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/32ee74bb350fbb95edef7aa819cdd3b0ee8cc29f007f9838b667e1ca534a1e40

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/313315/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample