MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4326190ec077d66ad458337eed8a4f517cfd354247e921c4d01d9f50d9346e32. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	4326190ec077d66ad458337eed8a4f517cfd354247e921c4d01d9f50d9346e32
SHA3-384 hash:	b3eac26619dd4febe9df1be1a66c8b3dcb82c758f5c66eae1848dc2b60e47e0de08ee9bf2f45f2a0df00acac282379a8
SHA1 hash:	07b6f45608594b9ee812a9a95f80e51d644424c9
MD5 hash:	bc6d6f6c55211e9ffc8972f330135da7
humanhash:	lima-red-rugby-princess
File name:	June-July_Commission_List_Summary-2021.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	471'040 bytes
First seen:	2021-08-02 05:27:11 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	6a2215b83e94f57aa594370ef2448759 (1 x GuLoader)
ssdeep	3072:W1bzponwO9HPBFRXBQnmCpy4eeF9d6tTbsYPYcF4v98C8OZW44PcpLg7SO32OGl0:W1bz+woHOmtmmTNYMSB
Threatray	18 similar samples on MalwareBazaar
TLSH	T107A4E6B2E508549AEE550B7099339DB34096FDBC6DB7975D60EEBA360BF3342000A61F
dhash icon	010908090b0d0d09 (1 x GuLoader)
Reporter	abuse_ch
Tags:	exe GuLoader

Intelligence

File Origin

# of uploads :

1

# of downloads :

759

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

June-July_Commission_List_Summary-2021.exe

Verdict:

No threats detected

Analysis date:

2021-08-02 05:37:30 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/8632a781-4484-46f3-837d-d90e5ae6fbaf

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/175639/

Detection(s):

SecuriteInfo.com.__vbaHresultCheckObj.19324.22629.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Malicious Packer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/27dc2184-7390-4f42-8536-497c92bdd4d3

Result

Threat name:

GuLoader

Detection:

malicious

Classification:

evad.troj

Score:

88 / 100

Link:

https://www.joesandbox.com/analysis/825338

Signature

C2 URLs / IPs found in malware configuration

Contains functionality to detect hardware virtualization (CPUID execution measurement)

Detected RDTSC dummy instruction sequence (likely for instruction hammering)

Found malware configuration

Found potential dummy code loops (likely to delay analysis)

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Tries to detect virtualization through RDTSC time measurements

Yara detected GuLoader

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/4326190ec077d66ad458337eed8a4f517cfd354247e921c4d01d9f50d9346e32/

Threat name:

Win32.Trojan.Mucc

Status:

Malicious

First seen:

2021-08-02 00:00:44 UTC

AV detection:

12 of 46 (26.09%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=imtbsdwao7lgvvcygn7o3cspkf6p2nkci7usdrgqdwpvbwjunyza._file

Verdict:

suspicious

Similar samples:

00777c86e585397754f0e73a927bcaa3e39a4948d9bb28e758f0f5bfdac1eef4

0555ac95a40bd6c96d32c909b688da25534d09a514b4cc24a2b7a2ee6ce1b733

3709110cc04e0eaffe10bec5e8a5c82b858bee4195975e7bcd30c50b246f56c3

4bb72d11d5f81e16f5113c8dc0c59d5331e0cf61259bea30dc57143ef30856b9

4e4918945cfdbd65f76fcd903310782b77d9225fdfe5f0148eca44350a9a463b

6d26df7a7163053aa756f62ee4504af93020696cee98a1fc891c600ac76acc1c

e6aef13368e192ef56a7909da02b2dc37144fe583c965140bac9d01bd450f53b

f5773e4517ef94e87022bae134a0298f6f9e688561c41e0ef5d4dd75d8defd51

+ 8 additional samples on MalwareBazaar

Result

Malware family:

guloader

Score:

10/10

Tags:

family:guloader downloader

Link:

https://tria.ge/reports/210802-mnppef3p46/

Behaviour

Suspicious use of SetWindowsHookEx

Guloader,Cloudeye

Unpacked files

SH256 hash:

4326190ec077d66ad458337eed8a4f517cfd354247e921c4d01d9f50d9346e32

MD5 hash:

bc6d6f6c55211e9ffc8972f330135da7

SHA1 hash:

07b6f45608594b9ee812a9a95f80e51d644424c9

Link:

https://www.unpac.me/results/978587c8-658f-4ee3-b118-2b6d1b970321/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/4326190ec077d66ad458337eed8a4f517cfd354247e921c4d01d9f50d9346e32

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/175639/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample