MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 42ff703cc63bd080af259c63b1a79c62c280692dbc4c70282c4a1eba788f0287. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 10

Intelligence 10 IOCs YARA 1 File information Comments 1

SHA256 hash:	42ff703cc63bd080af259c63b1a79c62c280692dbc4c70282c4a1eba788f0287
SHA3-384 hash:	d2275d7526742647acf57be8a2c3b4727c99b72d205412fee9e5ed9f40fe33f94cb0ec9b90ff591c7a208189786242a9
SHA1 hash:	3e16dd8284a1daff0b0b7cfee8af6f7ca7ef2034
MD5 hash:	c93dfa5b4e3261d8df32c24ec5cf9556
humanhash:	helium-nitrogen-pennsylvania-pizza
File name:	c93dfa5b4e3261d8df32c24ec5cf9556
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	161'064 bytes
First seen:	2022-07-20 13:50:28 UTC
Last seen:	2022-07-23 04:23:12 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	5f0c714c36e6cc016b3a1f4bc86559e4 (199 x GuLoader, 14 x Formbook, 4 x AgentTesla)
ssdeep	3072:wkBGWOsTIJgIDU5A/cmjjb/PDnGYMOPwU5JL2mx1wJhLsVcDn+Ljf9OUJo:w1ssjhjzGVwpxURs6L4jVS
Threatray	3'790 similar samples on MalwareBazaar
TLSH	T1FCF301C11660C6A3ED7395B009BA3F12CFB1EA6262D446434758BA097E73783C71F283
TrID	48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 16.4% (.EXE) Win64 Executable (generic) (10523/12/4) 10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.8% (.EXE) Win16 NE executable (generic) (5038/12/1) 7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):
dhash icon	f4e8ccdcccdcdcd4 (1 x GuLoader)
Reporter	zbetcheckin
Tags:	32 exe GuLoader signed

Code Signing Certificate

Organisation:	seward Amintor Bolivianerens
Issuer:	seward Amintor Bolivianerens
Algorithm:	sha256WithRSAEncryption
Valid from:	2022-02-04T14:36:39Z
Valid to:	2025-02-03T14:36:39Z
Serial number:	-0858674256b1b4c9
Thumbprint Algorithm:	SHA256
Thumbprint:	24e11b60b1d1cf4e2fc76d60f810453bd906856abfe299418c4bb10cf1736856
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

# of downloads :

276

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/292937/

Detection(s):

SecuriteInfo.com.Gen.Variant.Nemesis.9210.32007.2197.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Creating a file

Creating a file in the %temp% subdirectories

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/26848/overview

Behaviour

MalwareBazaar

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

buer overlay packed shell32.dll

Link:

https://www.filescan.io/uploads/62d8084900d6e9040b57d935/reports/a348a632-aea1-4d96-bf08-5a7d66fb27e6/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

GuLoader

Detection:

malicious

Classification:

troj.evad

Score:

76 / 100

Link:

https://www.joesandbox.com/analysis/1037573

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/42ff703cc63bd080af259c63b1a79c62c280692dbc4c70282c4a1eba788f0287/

Threat name:

Win32.Trojan.Nemesis

Status:

Malicious

First seen:

2022-07-19 19:16:24 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

20 of 39 (51.28%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=il7xapgghpiiblzftrr3dj44mlbia2jnxrghakbmjiplu6epakdq._file

Verdict:

malicious

Label(s):

cloudeye

GuLoader

121dae49dacf1290b5ef4de577a01161b523d9edf8564fa765e7c00ac6c3b862

GuLoader

3f2c09a0f5ef78464bc15d52f74d898136ad3605fca220c72d5b38599033d3a5

GuLoader

4e6a98f49ac2a278d129e4aaf8e8eab4dfe1c7ba0e13aa04dbd7a6952cb1dd2b

GuLoader

53a1845a7d811a116b02d68da692eb9574befd248c4bb5015f0391e52edd34bb

GuLoader

97cfde3665f5af9b1cde9fc4f4e27144d24ae85fed47f407f576eadc6a43649f

GuLoader

9dea1f77cbe4728bcb0ef4d8678842a4623218e005c4637e462257cce1b0c9f2

GuLoader

9eb7c4ee977f3961ee314e89468f793611fa8c5c95c1f73fdff318b674d6919f

GuLoader

bc087788e42eda82911a110800e13585717e166a351ce1d217f0c93e19199e19

GuLoader

c732cdf1e9a860f4a90bfb86cf661c838f2848e323c7670f23dc9606fd017389

GuLoader

+ 3'780 additional samples on MalwareBazaar

Result

Malware family:

guloader

Score:

10/10

Tags:

family:guloader discovery downloader

Link:

https://tria.ge/reports/220720-q5sywagbcr/

Behaviour

Enumerates physical storage devices

Checks installed software on the system

Loads dropped DLL

Guloader,Cloudeye

Unpacked files

SH256 hash:

c7a20bcaa0197aedddc8e4797bbb33fdf70d980f5e83c203d148121c2106d917

MD5 hash:

792b6f86e296d3904285b2bf67ccd7e0

SHA1 hash:

966b16f84697552747e0ddd19a4ba8ab5083af31

Link:

https://www.unpac.me/results/9399ae05-bc8f-48d3-9d1c-865ddd022016/

SH256 hash:

42ff703cc63bd080af259c63b1a79c62c280692dbc4c70282c4a1eba788f0287

MD5 hash:

c93dfa5b4e3261d8df32c24ec5cf9556

SHA1 hash:

3e16dd8284a1daff0b0b7cfee8af6f7ca7ef2034

Link:

https://www.unpac.me/results/9399ae05-bc8f-48d3-9d1c-865ddd022016/

Malware family:

GuLoader

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/42ff703cc63b/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.02

Link:

https://yomi.yoroi.company/submissions/42ff703cc63bd080af259c63b1a79c62c280692dbc4c70282c4a1eba788f0287

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.