MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5c1fd78532bdfda40cd3c1a1e953307e979f71435272165b1104fee6d842d91e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 5



SHA256 hash: 5c1fd78532bdfda40cd3c1a1e953307e979f71435272165b1104fee6d842d91e
SHA3-384 hash: 04cec27a3df89a59f9b464ab065336595e1cf7529498a1ac8e8c65963ac9e5e453c8d202ef6d663ba3df8281d95f15f6
SHA1 hash: 834a1e0034f86517fcb2769e07d0fd14f7357f26
MD5 hash: fee55f81bbd101be0d4fe9730e5e7f00
humanhash: sink-football-grey-friend
File name: DOCINV060220_pdf.exe
Signature: GuLoader
File size: 94'208 bytes
First seen: 2020-06-02 04:41:09 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 33bdacf4b84babb7d552d0f1a3af3a32 (2 x GuLoader)
ssdeep: 1536:QzFO8lLHgjQlUKgkhYnSBZKQAIAW3cm4FHo:fxRkhYSxlAPZ
Threatray: 1'036 similar samples on MalwareBazaar
TLSH: 629339077E488512E12082712E57D3AA7F21BC264D429E4F794D6E5BBB383676CAC31F
Reporter: jarumlus
Tags: GuLoader

Intelligence


File Origin
# of uploads: 1
# of downloads: 73
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-06-01 21:50:41 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 16 of 30 (53.33%)
Threat level: 5/5
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe 5c1fd78532bdfda40cd3c1a1e953307e979f71435272165b1104fee6d842d91e (this sample)

Delivery method: Distributed via e-mail attachment
