MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 460a85fda060cc0c8ab5a1aace37dc1f14bc400f4a3b011e613f64e0000c77b6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 4


SHA256 hash: 460a85fda060cc0c8ab5a1aace37dc1f14bc400f4a3b011e613f64e0000c77b6
SHA3-384 hash: 503cd9bf96420784798397694cad587df7415ea4b1c2f021d8e878fa2ef9d2d15dfccfd57d6f50590f86cfbf4effb357
SHA1 hash: 5a77033358291dc543cc712a7730e1b5cb8da1c5
MD5 hash: f57484ee860aaffcea7e649d8d9723d5
humanhash: don-autumn-michigan-blossom
File name: f57484ee860aaffcea7e649d8d9723d5.exe
Download: download sample
Signature: GuLoader
File size: 114'688 bytes
First seen: 2020-05-26 13:33:25 UTC
Last seen: 2020-05-26 15:24:27 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 845a1bb67fa3303ba412d6dfeda4e56e (1 x GuLoader)
ssdeep: 1536:Q74JzpG8s+k6Xkc3wHfmbhu1SdpkTSvg:hzpbZk6Uc3wuHpbI
Threatray: 5'333 similar samples on MalwareBazaar
TLSH: F8B3F72374E54E72DC3C8FF60D729658AAAAAD5429404F03B189F75E3A351DB2C74317
Reporter: abuse_ch
Tags: exe GuLoader


abuse_ch
GuLoader payload URL:
http://ratamodu.ga/~zadmin/iclient/apsfb_BAUdZ119.bin

Intelligence


File Origin
Number of uploads: 2
Number of downloads: 75
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-26 13:36:23 UTC
AV detection: 23 of 31 (74.19%)
Threat level: 5/5
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour:
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
GuLoader
  Executable exe 460a85fda060cc0c8ab5a1aace37dc1f14bc400f4a3b011e613f64e0000c77b6 (this sample)

Delivery method: Distributed via web download

Comments

CAPE Sandbox commented on 2020-05-27 10:10:36 UTC

#Formbook

https://capesandbox.com/analysis/4961/