MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4fe68ecc976811b7c7acfd841f0746446f97e271b40819e93a35b17788767f9f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4fe68ecc976811b7c7acfd841f0746446f97e271b40819e93a35b17788767f9f
SHA3-384 hash: a8708de4382ae21c2d18cb96e3b830620afb6981e0fa04f2be29ae5746a3cb065bbc1a923c787da15123b8bd2e4ef6da
SHA1 hash: 4089f815967aff19c93952feae20f03de0134feb
MD5 hash: f3dd1bb8fdf2ac7ea61fbb6c88cf928e
humanhash: potato-arizona-coffee-sweet
File name:PRODUCT SPECIFICATION & SAMPLES.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:98'304 bytes
First seen:2020-05-07 20:49:40 UTC
Last seen:2020-05-07 21:42:34 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 7fd018c42935e6b603f1f1af37a9a5fd (1 x GuLoader)
ssdeep 1536:Nz0uDup4qUFdlFsfD1xxw9KsnBO0JdsZ:lrDupgsrLxCfJ+Z
Threatray 142 similar samples on MalwareBazaar
TLSH 6BA3A225AE94FD23E068B9F2C751B26ED3C56D7124B14A0377C1B22E9F78952DC2132E
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
93
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.ProtectSharewar-2
Create hunting rule

PUA.Win.Packer.ProtectSharewar-3
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-07 21:49:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
19 of 31 (61.29%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=j7ti5texnai3pr5m7wcb6b2girxzpytrwqebt2j2gwyxpcdwp6pq._file
Verdict:
malicious
Similar samples:
10fb1047794d9a933f644978c5bfe1eb5dd2d66b87489823f69ca414d2688537
GuLoader
2797fabdb7ec8843947933f792ef8db22cc3bab5e06f8204ab4697acd0a04d55
GuLoader
3153b96e0d31eb2901117a088ffcdbe7e88ba65660171b0f0d43295ea21a27b0
GuLoader
43f7ca6a635db4dedd6c734f3af9ba5a96d87b4698f1c4eec56c8b86f6be26c9
GuLoader
463bda53d68b37fa531bc31652d2f76a92c76f3311707fb7a0037b4f3a5445d4
GuLoader
65b26141d162b4b392d2b18c07056bda8aadb778445f3fae73c9e75d6b639ecc
GuLoader
90aa9f9ad74752d2965816d8d68399d2b1c4fdce28c2ca57753196b3a2d60b34
GuLoader
af9f1fa67d9f21a777af09c9edcd8eba3765b556551a04dcb95b8163cd3b0c6d
GuLoader
f9cdc89e99a471146ead33ee9c93bca0ecc286e65cf326c4450a9d6d8597153b
GuLoader
fb27ede2845ba7d3b3c49f016df02727605684968700026041d8be88f41fdf68
GuLoader
+ 132 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-yv3d6sj82a/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

z 93ad4abb2da02d982b19b18c6519c30f37bae0fc64e134bac6531a450903e5a2

GuLoader

Executable exe 4fe68ecc976811b7c7acfd841f0746446f97e271b40819e93a35b17788767f9f

(this sample)

  
Dropped by
MD5 8b59c1f1f56b824d3d8abee4d2404849
  
Dropped by
SHA256 93ad4abb2da02d982b19b18c6519c30f37bae0fc64e134bac6531a450903e5a2
  
Delivery method
Distributed via e-mail attachment

Comments