MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 40448ac4d77204f07911c0b53293d8c82591e0dca53b0eed9b4453d6133eff58. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4



SHA256 hash: 40448ac4d77204f07911c0b53293d8c82591e0dca53b0eed9b4453d6133eff58
SHA3-384 hash: 40cef3141a4fba33a1b2d8233920e41f4460030b7c5ceb94e92a85aa1a752c41a1c636d072618efaa01e929771156e52
SHA1 hash: 07e5a6fe77e30914c0e168a158d620ac18097604
MD5 hash: c9527bb3926299baa12191ef75aeac53
humanhash: bulldog-paris-william-spaghetti
File name: e-dekont.pdf.exe
Signature: GuLoader
File size: 65,536 bytes
First seen: 2020-06-10 17:28:49 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f90395c7572edc949145dfce2df6f159 (1 x GuLoader)
ssdeep: 1536:bZ94d4xRdeMK9tuQ7rb7CCGejgY2yMfri0NEteN:v4dm4RXxRgqHte
Threatray: 676 similar samples on MalwareBazaar
TLSH: 69535C4F7E48E493E1340B7059B39A542676AC299E00EE4B3E9C7F5ED931182BCE721D
Reporter: abuse_ch
Tags: exe GuLoader


abuse_ch
GuLoader payload URL:
http://185.205.209.166/wext/bin_hKjyTFAIZm90.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 153
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vebzenpak
Status: Malicious
First seen: 2020-06-10 17:30:11 UTC
AV detection: 25 of 29 (86.21%)
Threat level: 5/5
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  -> GuLoader
    -> Executable exe 40448ac4d77204f07911c0b53293d8c82591e0dca53b0eed9b4453d6133eff58 (this sample)

Delivery method: Distributed via e-mail attachment
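As an added example (not part of this MalwareBazaar entry and not abuse.ch tooling), the Python helper below turns the delivery details above into a mail-attachment triage check: it flags the double-extension lure used by this sample (a .pdf decoy in front of .exe), detects content that is a DOS/PE executable by its MZ magic (the application/x-dosexec MIME type shown above), and compares the attachment's SHA256/SHA1/MD5 against the IOC hashes published on this page. The extension lists and the attachment bytes are constructed for the example; only the hash values come from the entry.

```python
import hashlib
from dataclasses import dataclass, field

# Hashes published on this MalwareBazaar entry for e-dekont.pdf.exe.
KNOWN_BAD = {
    "sha256": {"40448ac4d77204f07911c0b53293d8c82591e0dca53b0eed9b4453d6133eff58"},
    "sha1": {"07e5a6fe77e30914c0e168a158d620ac18097604"},
    "md5": {"c9527bb3926299baa12191ef75aeac53"},
}

# Example lists (assumption, not from the entry): extensions that execute
# when double-clicked on Windows, and document-like extensions that are
# typically used as the decoy half of a double extension.
EXEC_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "js", "jse",
             "vbs", "vbe", "wsf", "hta", "ps1", "msi", "lnk"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}

# Constructed attachment body: a minimal MZ header whose e_lfanew (offset
# 0x3C) points at a "PE\0\0" signature at 0x40. Not the real sample.
SAMPLE = b"MZ" + b"\0" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\0\0" + b"\0" * 20


@dataclass
class Verdict:
    filename: str
    hashes: dict
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def compute_hashes(data: bytes) -> dict:
    """Digests in the three algorithms the entry publishes."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("sha256", "sha1", "md5")}


def double_extension_lure(filename: str):
    """Return (decoy, real) for names like e-dekont.pdf.exe, else None."""
    parts = filename.lower().rsplit(".", 2)
    if len(parts) == 3 and parts[1] in DECOY_EXTS and parts[2] in EXEC_EXTS:
        return parts[1], parts[2]
    return None


def is_mz_executable(data: bytes) -> bool:
    """MZ magic is what libmagic keys on for application/x-dosexec."""
    return len(data) >= 2 and data[:2] == b"MZ"


def triage(filename: str, data: bytes, known_bad: dict = KNOWN_BAD) -> Verdict:
    """Collect every reason an inbound attachment deserves a closer look."""
    verdict = Verdict(filename, compute_hashes(data))
    name = filename.lower()
    ext = name.rsplit(".", 1)[-1] if "." in name else ""

    if ext in EXEC_EXTS:
        verdict.reasons.append(f"attachment extension .{ext} is directly executable")

    lure = double_extension_lure(name)
    if lure:
        verdict.reasons.append(f"double extension: .{lure[0]} decoy hides .{lure[1]}")

    if is_mz_executable(data):
        verdict.reasons.append("content is a DOS/PE executable (MZ header, application/x-dosexec)")

    for algo, digest in verdict.hashes.items():
        if digest in known_bad.get(algo, set()):
            verdict.reasons.append(f"{algo} {digest} matches a known GuLoader IOC")

    return verdict


if __name__ == "__main__":
    for reason in triage("e-dekont.pdf.exe", SAMPLE).reasons:
        print("-", reason)
```

The same `triage` call is the check to run on a sample downloaded from the entry before analysis: with the page's hashes in `known_bad`, a clean download produces the IOC-match reason, and its absence means the file on disk is not the one this entry describes.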

Comments