MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 34d5bd380c2902b64435c9e3cb3a917b329cdbde53397cac6ec767af3904b2f6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	34d5bd380c2902b64435c9e3cb3a917b329cdbde53397cac6ec767af3904b2f6
SHA3-384 hash:	003f306018fd0b0933df31d1a7f44570b3c311cfb96585a5110309a1f00cd7b85f5c0706fe468537b4675cda6ad3c4a5
SHA1 hash:	5e7458ddfdba7779d59044f5c08edafa6c1f387f
MD5 hash:	54fc07c71da098a48a41f4312d47bad7
humanhash:	william-equal-bakerloo-blue
File name:	Product list.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	94'208 bytes
First seen:	2020-05-09 06:21:37 UTC
Last seen:	2020-05-09 07:10:14 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	fe750292aa2da4fae1aaa6cae801bc3d (1 x GuLoader)
ssdeep	1536:8mNDuI3q2sNXP4+ptVOdaLso8ue74QOGC:VDuI61f4+ptVOdUP
Threatray	114 similar samples on MalwareBazaar
TLSH	ED93A6C1B3E4D027D5ED1AB26F91C2D851A4BC36B846EA0BB6C4734F19349D1E650B37
Reporter	jarumlus
Tags:	GuLoader

Intelligence

File Origin

# of uploads :

2

# of downloads :

88

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Packer.ProtectSharewar-2

PUA.Win.Packer.ProtectSharewar-3

Gathering data

Threat name:

Win32.Trojan.Fareit

Status:

Malicious

First seen:

2020-05-09 08:18:17 UTC

File Type:

PE (Exe)

Extracted files:

6

AV detection:

24 of 31 (77.42%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=gtk32oamfeblmrbvzhr4wourpmzjzw66km4xzldoy5t26oiewl3a._file

Verdict:

malicious

Label(s):

guloader

Result

Malware family:

n/a

Score:

7/10

Tags:

n/a

Link:

https://tria.ge/reports/201109-jtz2k8999e/

Behaviour

Suspicious use of SetWindowsHookEx

Suspicious use of NtSetInformationThreadHideFromDebugger

Checks QEMU agent state file

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 2196afbba9c1b6dc973a134bae585093806ea07900138c7ed7f66f8cb47fec6a

exe 34d5bd380c2902b64435c9e3cb3a917b329cdbde53397cac6ec767af3904b2f6

(this sample)

Dropped by

MD5 bcd22ba9ad6dd1f073e0d6eb12161431

Dropped by

SHA256 2196afbba9c1b6dc973a134bae585093806ea07900138c7ed7f66f8cb47fec6a

Delivery method

Distributed via e-mail attachment

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample