MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 439b1ce1850d9e816c22919cc13a412b9d1f00098486a642e97f34e7a62bd63a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 439b1ce1850d9e816c22919cc13a412b9d1f00098486a642e97f34e7a62bd63a
SHA3-384 hash: 64cc3ace4d281fffcf4cd60fb122fe2451ad8c2aa1d844f79ff0acc7685abf969a57f40a55f98c00281e8588c3919d74
SHA1 hash: 0ff96bb6c163c9dfc6f5e42c4407347c947dcb6c
MD5 hash: d7c368f0c65c2a8c565df3815e70ef9e
humanhash: potato-spring-july-ceiling
File name:Pedido Número 4432003039.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:204'800 bytes
First seen:2021-06-14 06:14:04 UTC
Last seen:2021-06-14 06:48:37 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash b2e3727c442d471988cc35e3702b319a (1 x GuLoader)
ssdeep 1536:JFNAAUuyxDi/795L+oJZzQwiVCw49lmWA6WWwdQxo:8ubh5LpJZzQRwxVWWwdQq
TLSH 72146DA17B60D582F54B8474284EBAA5C27CB875114C8B27F881B3BCA43DBD2E60577F
Reporter lowmal3
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
188
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Pedido Número 4432003039.exe
Verdict:
No threats detected
Analysis date:
2021-06-14 06:16:35 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/8f987272-dd80-4152-8929-c3ed15fba60c

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.46458769.13192.12365.UNOFFICIAL
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Creating a window
Creating a process from a recently created file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/5d7b2563-3376-48a3-a294-3248a854a23c
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
rans.troj.evad
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/801538
Signature
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found malware configuration
Found potential dummy code loops (likely to delay analysis)
Multi AV Scanner detection for submitted file
Potential malicious icon found
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/439b1ce1850d9e816c22919cc13a412b9d1f00098486a642e97f34e7a62bd63a/
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2021-06-09 08:35:37 UTC
AV detection:
18 of 29 (62.07%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ionrzymfbwpic3bcsgomcosbfoor6aajqsdkmqxjp42opjrl2y5a._file
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210614-x111hjfqzn/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Unpacked files
SH256 hash:
439b1ce1850d9e816c22919cc13a412b9d1f00098486a642e97f34e7a62bd63a
MD5 hash:
d7c368f0c65c2a8c565df3815e70ef9e
SHA1 hash:
0ff96bb6c163c9dfc6f5e42c4407347c947dcb6c
Link:
https://www.unpac.me/results/376f619e-ecae-4c7a-a939-9537a95f6f81/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/439b1ce1850d9e816c22919cc13a412b9d1f00098486a642e97f34e7a62bd63a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 439b1ce1850d9e816c22919cc13a412b9d1f00098486a642e97f34e7a62bd63a

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments