MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3e3529db8cde73fcdb792f6414ebe6fb9a6ec5ba5cf5f503376a795387b2020e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3e3529db8cde73fcdb792f6414ebe6fb9a6ec5ba5cf5f503376a795387b2020e
SHA3-384 hash: 00e0159881f12101e2611338d092595560385b79853556f069572c7871ef9e05b51f1fad8421226d9520565a41648b90
SHA1 hash: ed269a8d131ad2370dfe89f28acfca28e10837a1
MD5 hash: e46964a32977269a1be8fc6cb8965762
humanhash: ceiling-asparagus-steak-foxtrot
File name:3e3529db8cde73fcdb792f6414ebe6fb9a6ec5ba5cf5f503376a795387b2020e
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-06-03 09:02:53 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f2ce6a98cc3b3d529c394b60868ba3e8 (1 x GuLoader)
ssdeep 1536:11wSPfxV40AzoZ5OYgkgrKHxLdGKc+o0FDHdZ1gIviUhZrpTvcFZLTV:1HPXAz+DKKVdhjFD9zrnkFZv
Threatray 1'476 similar samples on MalwareBazaar
TLSH 93B37B03EC4D8953D14487BC2D528DBA3B0DA91D4D005FEF713AAEAFAD326522CA711E
Reporter raashidbhatt
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6237/
Detection(s):
Win.Dropper.NetWire-7996875-0
Create hunting rule

Win.Malware.Razy-7997182-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 14:02:06 UTC
AV detection:
31 of 48 (64.58%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hy2stw4m3zz7zw3zf5sbj27g7ong5rn2lt27kazxnj4vhb5saiha._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
17f52dbf63e20cb471e6da579551830186446d814a14162ec3569c62fb6f0771
GuLoader
2f99de0c12f67f877e1944d5bc6f889ff9013fb7e902b91260f4bdc952959d7e
GuLoader
335d8ed00053696daafe3bf49972b52e1db2588c913d6de0e14e6fcd158d90c5
GuLoader
6535df8dcbd659939c18a93ee2b58e8ef05898e1baa30932cf3cfa876659d183
GuLoader
7d110a4f6f206b5fb49742150bdbd7ffc43b29a5b2fa32424ef32aa20c4696f8
GuLoader
87f0608e17f3f39e988ac186a431366e1de35968b89943a03f6681e23ab5b684
GuLoader
97d8ae62cb751e857b04d9eaa68ee2acce3d7243009bdb04639a729cdfc7cbf3
GuLoader
9dad25bb4c66c85c54da83d5c2ed752ed7c3452863fc4b46bda7cf440fef509b
GuLoader
ca1db184290b274c1f78b091bf019926fa258dd8b1f5bb316a55832aec970338
GuLoader
f4a522f673e38bf75d61a8c1c53dc48b36be2c37986259cd8ef7b605fd6716ca
GuLoader
+ 1'466 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-4wym9hrhes/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/6237/

Comments