MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 42c8ded976a7c9f295888220d4d2fc273535f1fa15e6e25cfceaf454188f7895. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	42c8ded976a7c9f295888220d4d2fc273535f1fa15e6e25cfceaf454188f7895
SHA3-384 hash:	7cc3287a30342b4bcc3e034a2a419ce21138bdca653d6693fb3af7343719578bbe82c33ae56b43b18076a23f2d6b3122
SHA1 hash:	12093edc01bcf89eb7a9758d1392592fb273de35
MD5 hash:	72d9c62e4483519df1303fe0c46d16aa
humanhash:	island-illinois-fish-social
File name:	PREVENTIVO RICHIESTO (2).exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	241'664 bytes
First seen:	2021-07-19 15:47:04 UTC
Last seen:	2021-07-19 22:07:42 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	e9f7dd0da1a2a1266893e1ae4ef42b67 (5 x GuLoader)
ssdeep	3072:c3BepJlZa/E5cv3MRwqmVqY+9uiwBDa1Gh7HJlZapGBR:eiUEUMyqmVrTjDc4HP
Threatray	5'254 similar samples on MalwareBazaar
TLSH	T1F434191E7A05E81AF9DAC4B73019E0AB62127C7781454E0B720C7F71D836775AC6BEC6
Reporter	JAMESWT_WT
Tags:	exe GuLoader

Intelligence

File Origin

# of uploads :

3

# of downloads :

207

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

PREVENTIVO RICHIESTO (2).exe

Verdict:

No threats detected

Analysis date:

2021-07-19 14:16:01 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/b22416f6-7851-428e-a8c7-55984f1ac5e4

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/172608/

Detection(s):

SecuriteInfo.com.__vbaHresultCheckObj.19912.3891.UNOFFICIAL

Result

Verdict:

SUSPICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/f2a05be3-c9c1-49e9-947b-ccdcb76002de

Result

Threat name:

GuLoader

Detection:

malicious

Classification:

troj.evad

Score:

92 / 100

Link:

https://www.joesandbox.com/analysis/818371

Signature

C2 URLs / IPs found in malware configuration

Contains functionality to detect hardware virtualization (CPUID execution measurement)

Detected RDTSC dummy instruction sequence (likely for instruction hammering)

Found malware configuration

Found potential dummy code loops (likely to delay analysis)

Multi AV Scanner detection for submitted file

Tries to detect virtualization through RDTSC time measurements

Yara detected GuLoader

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/42c8ded976a7c9f295888220d4d2fc273535f1fa15e6e25cfceaf454188f7895/

Threat name:

Win32.Trojan.GuLoader

Status:

Malicious

First seen:

2021-07-19 11:22:52 UTC

File Type:

PE (Exe)

Extracted files:

16

AV detection:

24 of 46 (52.17%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ilen5wlwu7e7ffmiqiqnjux4e42tl4p2cxtoexh45l2figeppckq._file

Verdict:

suspicious

Similar samples:

0005e5022cd608e05426c717720cab930b17de32f9afde7af7db5bff68db21ea

15145ed8e5ae3cf2acf9ad25bbcb3f782c4d8ba9674185d06baa66ae6d17f25a

464e32b273ff94e18247402fec1445dceb07fe8ea16490038fa64b9a23672cf0

4e16c663be416ebc214f67367811ccbfec46102cc9ecac856b91f58ff775885d

6f47b4825836d58654b05deac55c892825a83e479c406b9b027a0dc6bd8e3938

842a028d1a0b25b4e443f3df6f4ad724b53826604d6e5963668223e44740033f

987dc74919f44878a84a0f55e4edb62da489c9423dc048bab596f16dfac56942

a3feb5265e6d02710f04ff618e966e9da9ba8fc8dc5692d6f7633fe0a3037b66

c62acb5894988284f4effb5bd8ece3701c9fe7854d865bb75f2eb447556d9c8f

cf6542bb87d706ab7d6fd3f7fa0a2594d3b0ed8a9d15b481252d0c405ecd36ef

+ 5'244 additional samples on MalwareBazaar

Result

Malware family:

guloader

Score:

10/10

Tags:

family:guloader downloader

Link:

https://tria.ge/reports/210719-fghr19qz6x/

Behaviour

Suspicious use of SetWindowsHookEx

Guloader,Cloudeye

Unpacked files

SH256 hash:

42c8ded976a7c9f295888220d4d2fc273535f1fa15e6e25cfceaf454188f7895

MD5 hash:

72d9c62e4483519df1303fe0c46d16aa

SHA1 hash:

12093edc01bcf89eb7a9758d1392592fb273de35

Link:

https://www.unpac.me/results/dcdc5b40-9f0b-494f-8285-5246deb63b61/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/42c8ded976a7c9f295888220d4d2fc273535f1fa15e6e25cfceaf454188f7895

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/172608/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample