MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 7a31d09cfe9943fd971a89ab3e411ba085d3cb57bf27b0a8d1a591e4be6f9102. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
GuLoader
Vendor detections: 5
| SHA256 hash: | 7a31d09cfe9943fd971a89ab3e411ba085d3cb57bf27b0a8d1a591e4be6f9102 |
|---|---|
| SHA3-384 hash: | 8819e41da2f9f1330d9892bf6099ca4842480413f8cb06bee09db0a1c76ca3699e3efeb268a59ae43e882187c5d35d71 |
| SHA1 hash: | f6e06dc79eb099f9f978c1958d2c836e1ff174e9 |
| MD5 hash: | 9c85fdb2c7f730fb0afaeb970b61c2ae |
| humanhash: | thirteen-johnny-florida-fifteen |
| File name: | Order_#EY84730854US.exe |
| Download: | download sample |
| Signature | GuLoader |
| File size: | 155'648 bytes |
| First seen: | 2020-06-05 19:34:51 UTC |
| Last seen: | 2020-06-05 21:01:02 UTC |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | 0791a963be26e411a819420142da86e2 (1 x GuLoader) |
| ssdeep | 3072:Urdh4/KCWFXEpzTjeUfqg2rT2pNeZB0b7nx0RGs7GgaD1UA2n3KH23vJwvTVIvVz:UgpSXwVVG |
| Threatray | 983 similar samples on MalwareBazaar |
| TLSH | 9AE31A52F515DC99D4A62AF19C1BEC5122036C1DAA601A1F21CABF3DF5F339324A7B0B |
| Reporter |  abuse_ch |
| Tags: | exe GuLoader UPS |
abuse_ch
Malspam distributing GuLoader:HELO: theusp.online
Sending IP: 45.63.89.156
From: UPS Express<delivery@theusp.online>
Reply-To: delivery@theusp.online
Subject: Package delivery
Attachment: Order_EY84730854US.img (contains "Order_#EY84730854US.exe")
GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1QmYJNcD7dK2VunD5OhRq2b4tSGn_KiAS
Intelligence
File Origin
# of uploads :
2
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Nanocore
Detection(s):
Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Status:
Malicious
First seen:
2020-06-05 19:36:13 UTC
AV detection:
25 of 31 (80.65%)
Threat level:
5/5
Detection(s):
Malicious file
Verdict:
malicious
Label(s):
guloader
Similar samples:
+ 973 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
5/10
Tags:
n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
Delivery method
Distributed via e-mail attachment
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.