MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3f156e6cda9e6e1a358cc2df660cffcce106b627e74362bc6fa817208f626b74. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3f156e6cda9e6e1a358cc2df660cffcce106b627e74362bc6fa817208f626b74
SHA3-384 hash: d57dda0e47c6e676252a5eed679aac1f404444b77c313fe3271746c6bb6e74efdb5978f530824b8e961f12a74073f6df
SHA1 hash: 3e685edd1734d466f9b06aa26c7952398707accb
MD5 hash: 513a38d1c5949dbf98a25f82519d40b5
humanhash: blue-yellow-aspen-alanine
File name:PO-0909T7656067M50-May-Order-Sample&Specification_Project.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-05-12 16:08:58 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 401496c24c0f17d805cb39fba6623b58 (5 x GuLoader)
ssdeep 768:zsGtDVk444hpEOaEUBTNHJCJOZjZmumyPkBpJZUHP:VThuLBTGJM9bEY
Threatray 111 similar samples on MalwareBazaar
TLSH A0932A42B1D8D562D1168EB12F2A9BE8829FFD708D46CE0764C13F5D2A36F16B97031B
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: mail-smail-vm34.hanmail.net
Sending IP: 203.133.181.14
From: 신예원 <yewon4366@daum.net>
Subject: RORZE: PO-0909T7656067M50-May-Order-Sample&Specification_Project
Attachment: PO-0909T7656067M50-May-Order-SampleSpecification_Project.img (contains "PO-0909T7656067M50-May-Order-Sample&Specification_Project.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.45766.9346.22793.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 03:07:54 UTC
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=h4kw43g2tzxbunmmylpwmdh7ztqqnnrh45bwfpdpvalsbd3cnn2a._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
2cd6fffb63a9a7e9c8b6709904d69954c4818e64dcf7e3bd95eea2a7ae28cd81
GuLoader
35de9956cb66110ef820db84e9eb9af8ea161f63a7ccfceb482c21299db67e9d
GuLoader
4f965aee8b694528d2d11d5a80eeee466959650ffcd12b5f0fc28d3a11709e27
GuLoader
6d774b6ef4a21efee8a9116bfc18ab1a0a0609e058638a77566a29c9d98f7982
GuLoader
7cb03872ebbfad73a583eeef48a405eea3b26fc09aea1ee521d3959975b28b0a
GuLoader
7cc0c6e489cb1b2d1dae70339b9409f9a54fa7d8920430490663b6f28ea4a7b4
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
d8893925a5d8f9574be0f322355b79372e9c58dacc1e7737223a7b96e53fe4f6
GuLoader
dfc591ce4559101d5c59cf6cc2773496733b1fac5a058529bb093a56298dc8e6
GuLoader
f8707020bc0b78ae0fab3bd9794993c4cae406d9f13fcb6098f3321cb6bba515
GuLoader
+ 101 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-57clkfyn3x/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

f5d0e7907e2e42c130f497b856ede0b3

GuLoader

Executable exe 3f156e6cda9e6e1a358cc2df660cffcce106b627e74362bc6fa817208f626b74

(this sample)

  
Dropped by
MD5 f5d0e7907e2e42c130f497b856ede0b3
  
Delivery method
Distributed via e-mail attachment

Comments