MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 436af72db3e016305f4b9721a6511b1eb15446d26080abe63b347135a70ec68f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: GuLoader
Vendor detections: 3

SHA256 hash: 436af72db3e016305f4b9721a6511b1eb15446d26080abe63b347135a70ec68f
SHA3-384 hash: b1ad02a43f608bd32ace9fe71eb3d031cfc7e76c809de7de5e90c5da5f82fba26cc32653d3b3fb6f7c8c29b4c432cc83
SHA1 hash: fda227b4069c5b6d0f6905eb85066a8eb1e3a2df
MD5 hash: 029bfa1a5d195a003a808d74d8fd035e
humanhash: massachusetts-friend-tennis-papa
File name: a.exe
Signature: GuLoader
File size: 90'112 bytes
First seen: 2020-05-21 16:47:56 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 115284b5c3b355f4c6b2c44dd2d4b9ae (1 x GuLoader)
ssdeep: 1536:3XGe4/guTX0ReGm253GiUADIZq8dPz6LUdIiB5SC:3XGz/1TX0ReB253GibDIZq8dPz6LUtv
Threatray: 95 similar samples on MalwareBazaar
TLSH: 17930A53F1A445A2E3900DB19B78EFE8125FACB02511C9037EC53E6D5A37B46E66233B
Reporter: James_inthe_box
Tags: exe, GuLoader
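The cryptographic hashes above are the exact-match indicators for this sample. The following script is an added example, not MalwareBazaar's own tooling: it hashes a local file in one pass with the Python standard library and compares the result with the SHA256, SHA3-384, SHA1, MD5 and size published in this entry. The file path is whatever the analyst passes on the command line; the IOC values are copied from the entry. imphash, ssdeep and TLSH are deliberately left out because they need the pefile, ssdeep and tlsh packages, and because they are similarity measures (the "95 similar samples" figure rests on them), whereas the digests here match only the byte-identical file and will never catch a repacked GuLoader variant.

```python
"""Triage a local file against the hashes in this MalwareBazaar entry.

Added example (not MalwareBazaar code). Standard library only: exact
cryptographic digests plus size; no imphash / ssdeep / TLSH.
"""
import hashlib
import io
import sys
from typing import BinaryIO, Dict

# Indicators copied from the MalwareBazaar entry for a.exe (GuLoader).
ENTRY_IOCS: Dict[str, object] = {
    "sha256": "436af72db3e016305f4b9721a6511b1eb15446d26080abe63b347135a70ec68f",
    "sha3_384": "b1ad02a43f608bd32ace9fe71eb3d031cfc7e76c809de7de5e90c5da5f82fba26cc32653d3b3fb6f7c8c29b4c432cc83",
    "sha1": "fda227b4069c5b6d0f6905eb85066a8eb1e3a2df",
    "md5": "029bfa1a5d195a003a808d74d8fd035e",
    "size": 90112,
}

HASH_ALGOS = ("sha256", "sha3_384", "sha1", "md5")


def hash_stream(fp: BinaryIO, chunk_size: int = 1 << 20) -> Dict[str, object]:
    """Compute all four digests and the byte count in a single pass.

    Chunked reading keeps memory flat for large samples, and feeding every
    hasher from the same chunk guarantees that all digests describe the same
    bytes even if the file is replaced while we read it.
    """
    hashers = {name: hashlib.new(name) for name in HASH_ALGOS}
    size = 0
    while True:
        chunk = fp.read(chunk_size)
        if not chunk:
            break
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    result: Dict[str, object] = {name: h.hexdigest() for name, h in hashers.items()}
    result["size"] = size
    return result


def hash_bytes(data: bytes, chunk_size: int = 1 << 20) -> Dict[str, object]:
    """Same as hash_stream, for data already held in memory."""
    return hash_stream(io.BytesIO(data), chunk_size)


def match_entry(observed: Dict[str, object], iocs: Dict[str, object] = ENTRY_IOCS) -> Dict[str, object]:
    """Compare observed digests and size with the entry, field by field.

    Hex digests are compared case-insensitively because feeds differ in case.
    verdict is "match" when every field agrees, "partial" when only some do
    (a corrupted record or a mislabelled indicator, worth a second look) and
    "no_match" otherwise.
    """
    fields: Dict[str, bool] = {}
    for key, expected in iocs.items():
        got = observed.get(key)
        if isinstance(expected, str) and isinstance(got, str):
            fields[key] = got.lower() == expected.lower()
        else:
            fields[key] = got == expected
    hits = sum(fields.values())
    verdict = "match" if hits == len(fields) else ("partial" if hits else "no_match")
    return {"verdict": verdict, "fields": fields}


def triage_file(path: str, iocs: Dict[str, object] = ENTRY_IOCS) -> Dict[str, object]:
    """Hash a file on disk and report how it compares with the entry."""
    with open(path, "rb") as fp:
        observed = hash_stream(fp)
    report = match_entry(observed, iocs)
    report["observed"] = observed
    return report


if __name__ == "__main__":
    # Usage: python triage.py <file> [<file> ...]
    for path in sys.argv[1:]:
        report = triage_file(path)
        print(f"{path}: {report['verdict']} sha256={report['observed']['sha256']}")
```

A "partial" verdict should be treated as a data problem, not a weaker detection: with four independent digests and a size, a genuine copy of the sample agrees on all five, and anything else means either the indicator you pasted is wrong or the file is not this sample at all.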

Intelligence

File Origin
# of uploads: 1
# of downloads: 93
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-13 07:31:07 UTC
File type: PE (Exe)
Extracted files: 6
AV detection: 26 of 31 (83.87%)
Threat level: 5/5

Note: this vendor first-seen date (2020-05-13) is eight days earlier than the MalwareBazaar first-seen date (2020-05-21), so the sample was already circulating before it was uploaded here.

Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour:
    Suspicious use of SetWindowsHookEx
    Suspicious use of NtSetInformationThreadHideFromDebugger
    Checks QEMU agent state file

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments