MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4e4918945cfdbd65f76fcd903310782b77d9225fdfe5f0148eca44350a9a463b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	4e4918945cfdbd65f76fcd903310782b77d9225fdfe5f0148eca44350a9a463b
SHA3-384 hash:	46e73d339ab262f8e5b3ab6cc9690c202da5064800fbde4716d91ef76f61db1da572ee6ecdfc7e9f8aeab1ec2896009f
SHA1 hash:	8971eee64271b5862be059e56a9f4de00d410ec3
MD5 hash:	82d463dc1d557702c62b01bcc360c80c
humanhash:	west-quebec-august-table
File name:	file.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	258'048 bytes
First seen:	2021-05-24 16:04:24 UTC
Last seen:	2021-05-24 17:06:41 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	55a503a3bd20df6ca8e85e03331a4fd1 (3 x GuLoader)
ssdeep	1536:LopQV20MCIioVG+g+yI50UyN3AhnV2QU2zhGSCjN9c2UasKDfDmmneDm:LzVnoVG+gxNoV2QUNjNZkKF
Threatray	1'455 similar samples on MalwareBazaar
TLSH	6844B5B39E20E8CCEC2AC93C572F86138A20F8E5A53F1A36B593478DF665D525607317
Reporter	abuse_ch
Tags:	exe GuLoader

Intelligence

File Origin

# of uploads :

2

# of downloads :

185

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

file.exe

Verdict:

No threats detected

Analysis date:

2021-05-24 23:58:16 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/94c0f043-f4cd-4a2b-a9c4-2642e4ed6df7

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection(s):

Win.Malware.Filerepmalware-9864274-0

Result

Verdict:

Clean

Maliciousness:

Behaviour

Changing a file

Creating a window

Sending a UDP request

Creating a file in the Windows subdirectories

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

GuLoader

Detection:

malicious

Classification:

rans.troj.evad

Score:

96 / 100

Link:

https://www.joesandbox.com/analysis/790904

Signature

C2 URLs / IPs found in malware configuration

Contains functionality to detect hardware virtualization (CPUID execution measurement)

Found malware configuration

Found potential dummy code loops (likely to delay analysis)

Multi AV Scanner detection for submitted file

Potential malicious icon found

Tries to detect virtualization through RDTSC time measurements

Yara detected GuLoader

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/4e4918945cfdbd65f76fcd903310782b77d9225fdfe5f0148eca44350a9a463b/

Threat name:

Win32.Trojan.Vebzenpak

Status:

Malicious

First seen:

2021-05-24 12:50:09 UTC

AV detection:

19 of 29 (65.52%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=jzerrfc47w6wl53pzwidgedyfn35sis737s7afeozjcdkcu2iy5q._file

Verdict:

suspicious

Similar samples:

0c856e57da034a8943b4065297d075365090d9eb925abb7ba74dd3df9acefc1f

27084ca2efd9f211569b913d31d8caee75cb773e73367c3f6cd40a78889a1934

31de85bffebf15b904ab8046680be20058efb7a2a411ec79c694194082a93e3b

3fda3b75f031e3800ff8714a936af691dafd64ae8f08a2d5cc8df19363391c09

6f8582beb15fc9d7978cf5664d99f426efc02d3c95aba21cf47520a16dc5a831

9b8e02c9169932cb809300c4dff5afc240aba4d5a87264f0f7123314345c6248

9f38ade8e53d28eef33a81e0559b92b44fa878ae9b61fadd3bb245d33486e2c0

c51924bcaad1fd98393bd75c23f6ca084bfed8f346085520bf61b550f85a3fa4

e6aef13368e192ef56a7909da02b2dc37144fe583c965140bac9d01bd450f53b

eb4570798beea07da40f390f8740e6ea4e735653a70cde0414997e23f87e1de6

+ 1'445 additional samples on MalwareBazaar

Result

Malware family:

guloader

Score:

10/10

Tags:

family:guloader downloader

Link:

https://tria.ge/reports/210524-9w5mlmspbx/

Behaviour

Suspicious use of SetWindowsHookEx

Guloader,Cloudeye

Malware Config

C2 Extraction:

https://robynsofcameron.com/TODAY_UfbMGFG184.bin

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/4e4918945cfdbd65f76fcd903310782b77d9225fdfe5f0148eca44350a9a463b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

exe 4e4918945cfdbd65f76fcd903310782b77d9225fdfe5f0148eca44350a9a463b

(this sample)

Delivery method

Distributed via e-mail attachment

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample