MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 463bda53d68b37fa531bc31652d2f76a92c76f3311707fb7a0037b4f3a5445d4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader
Vendor detections: 4

SHA256 hash: 463bda53d68b37fa531bc31652d2f76a92c76f3311707fb7a0037b4f3a5445d4
SHA3-384 hash: 4fd7622527bfef1b0c25b38b3f71d846bcc6e40255c65b9fe8e49fbdfcd66216a8d6f806d7cfb4a553a8449877a6f668
SHA1 hash: 75a31e9fa1f6a0f6351cfaf0d4ca5f024af6d398
MD5 hash: fcbbe97c173d6797a94b3cca72590bee
humanhash: indigo-magnesium-nuts-item
File name: 579072.exe
Signature: GuLoader
File size: 110'592 bytes
First seen: 2020-05-07 15:53:32 UTC
Last seen: 2020-05-07 16:55:41 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 31e1df3c5b75bc75270c362804fc66d7 (1 x GuLoader)
ssdeep: 1536:CQiD7maMpvz+iFYfcWgaOc7hqpJKycvdezfXvI:TzvY0nb20zfQ
Threatray: 456 similar samples on MalwareBazaar
TLSH: C4B3811A9EA8EC23D62CB9F1D7A1B19ED3845D309C750A8F73D0772D9B38A11DC2161E
Reporter: James_inthe_box
Tags: exe, GuLoader

Intelligence

File Origin
# of uploads: 2
# of downloads: 87
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-07 15:53:24 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 23 of 31 (74.19%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: n/a

Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other