MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 3b6460bb14fdce88ab8ec80e5cbfecbb15bbc09de1e75c51246d1c670925b340. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
GuLoader
Vendor detections: 5
| SHA256 hash: | 3b6460bb14fdce88ab8ec80e5cbfecbb15bbc09de1e75c51246d1c670925b340 |
|---|---|
| SHA3-384 hash: | 6b109b1c92644e6dc47d250312f786eada03d8b15ac09bb3ce4283cd91258107538e79741486688e9f03204002021581 |
| SHA1 hash: | 6838ba74da512c9e2c641228a69179121be6cfac |
| MD5 hash: | bf16df82371aa8e4d18be0c7bd213b0e |
| humanhash: | comet-grey-wisconsin-victor |
| File name: | ORDER_1973.exe |
| Download: | download sample |
| Signature | GuLoader |
| File size: | 65'536 bytes |
| First seen: | 2020-06-10 06:50:31 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | 369c603d18d8ab1e451afea9b73e678d (1 x GuLoader) |
| ssdeep | 768:binPGMjJvbviBU4ReqDhNqX9cpbdeYbqa9aBJOjd9KmhuqWdNqbMT6IPYbm:bmG094RPD7qXeL6Ox9KmGas |
| Threatray | 968 similar samples on MalwareBazaar |
| TLSH | B7535B5B6D08A593E07187B02A7285E4972A7C2855027F5B2E5C7F1CEF31AC27ED331A |
| Reporter |  abuse_ch |
| Tags: | exe GuLoader |
abuse_ch
Malspam distributing GuLoader:HELO: yuntong-batt.co
Sending IP: 111.90.141.203
From: Sherly (Import Dept) <sherly.imp@yuntong-batt.co>
Subject: SV: SV: CONFIRM ORDER
Attachment: ORDER_1973.rar (contains "ORDER_1973.exe")
GuLoader payload URL:
http://111.90.146.31/bin_DjHTZkf127.bin
Intelligence
File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Detection(s):
Gathering data
Threat name:
Win32.Infostealer.Fareit
Status:
Malicious
First seen:
2020-06-10 01:51:48 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
5/5
Detection(s):
Malicious file
Verdict:
malicious
Label(s):
guloader
Similar samples:
+ 958 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
5/10
Tags:
n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
Delivery method
Distributed via e-mail attachment
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.