MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7ce7af38278c1f5a5409bf224fbcac9e3e7ed3a5f34e74f347f06c6ee75edc2b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 14


Intelligence 14 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7ce7af38278c1f5a5409bf224fbcac9e3e7ed3a5f34e74f347f06c6ee75edc2b
SHA3-384 hash: ae17a0af23ef30700bffde9abdf862e18bd10c359b252664c4bc75e616860c194054b7a95c0ecb0c4f2704f17d6d9368
SHA1 hash: 4d4351651013f8fc4a29058e018123d0843ee12f
MD5 hash: 60b32537581a3200a06fb895f7745aaf
humanhash: twelve-alabama-aspen-xray
File name:7ce7af38278c1f5a5409bf224fbcac9e3e7ed3a5f34e74f347f06c6ee75edc2b
Download: download sample
Signature GuLoader
Create hunting rule
File size:1'263'208 bytes
First seen:2025-10-10 06:39:45 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b34f154ec913d2d2c435cbd644e91687 (548 x GuLoader, 117 x RemcosRAT, 80 x EpsilonStealer)
ssdeep 24576:sjQt3i3fIl9Eof4FJM9v/nokpAveOXFL4lqSRdTJzgyk5S7sY28cVyGSvzD1DKJ+:33iwr4FGgeAvFXFL4lqSnt65Ot2VkhDv
Threatray 2'469 similar samples on MalwareBazaar
TLSH T1CB4512C012AEA39DC9D819F0D6C8739A84E75F0D18D30AFF6341B65AA8FF681355E523
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10522/11/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika pebin
Reporter adrian__luca
Tags:exe GuLoader signed

Code Signing Certificate

Organisation:Biglot
Issuer:Biglot
Algorithm:sha256WithRSAEncryption
Valid from:2025-08-09T02:36:40Z
Valid to:2026-08-09T02:36:40Z
Serial number: 347646a13d743d3f7e8482f6ed10027828bd613f
Thumbprint Algorithm:SHA256
Thumbprint: 5d6e47d5b55cbe6b06642c22266dfe0f1286279a95ef74c5018ef8a5b900797f
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
92
Origin country :
HU HU
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
7ce7af38278c1f5a5409bf224fbcac9e3e7ed3a5f34e74f347f06c6ee75edc2b
Verdict:
Malicious activity
Analysis date:
2025-10-10 09:03:12 UTC
Tags:
snake keylogger evasion telegram stealer
Link:
https://app.any.run/tasks/8660f28e-7e5d-46a0-976f-4b4bb837d0d3

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/32113/
Verdict:
Malicious
Score:
93.3%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68e8ab5d8b7b147cc4b68c27
Tags:
shellcode uloader virus
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Searching for the window
Creating a file
Delayed reading of the file
Creating a file in the %temp% subdirectories
Sending a custom TCP request
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
adaptive-context guloader installer microsoft_visual_cc obfuscated overlay signed
Link:
https://www.filescan.io/uploads/68e8b3d1fe81c560ba566b40/reports/ab54cc61-f8c1-4309-84ae-bd255fe96c73/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/7ce7af38278c1f5a5409bf224fbcac9e3e7ed3a5f34e74f347f06c6ee75edc2b
Verdict:
Malicious
File Type:
exe x32
First seen:
2025-09-15T06:49:00Z UTC
Last seen:
2025-10-10T13:30:00Z UTC
Hits:
~10000
Link:
https://opentip.kaspersky.com/7ce7af38278c1f5a5409bf224fbcac9e3e7ed3a5f34e74f347f06c6ee75edc2b/results?tab=lookup
Malware family:
Unlabeled
Create hunting rule
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/f2064f42-1b4c-41d0-8d21-cd1fc463fae4
Score:
93%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/7ce7af38278c1f5a5409bf224fbcac9e3e7ed3a5f34e74f347f06c6ee75edc2b
Verdict:
inconclusive
YARA:
5 match(es)
Tags:
Executable NSIS Installer PE (Portable Executable) PE File Layout Win 32 Exe x86
Link:
https://app.malva.re/file/60b32537581a3200a06fb895f7745aaf
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7ce7af38278c1f5a5409bf224fbcac9e3e7ed3a5f34e74f347f06c6ee75edc2b/
Threat name:
Win32.Trojan.Guloader
Create hunting rule
Status:
Malicious
First seen:
2025-09-15 18:26:59 UTC
File Type:
PE (Exe)
Extracted files:
8
AV detection:
18 of 24 (75.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ptt26obhrqpvuvajx4re7pfmty7h5u5f6nhhj42h6bwg5z263qvq._file
Verdict:
malicious
Label(s):
cloudeye
Create hunting rule
Similar samples:
07dd788eaf264a645dce4b24536deda60690bba09125d2c9babc7ec786734344
GuLoader
21773cea42a57dff11a05f01ea94f48fc457871b110a410e4ccb416a4e346229
GuLoader
2aa855e58f1d16de00731cb9406d658533187046015073f293265f85ce07ba45
GuLoader
393f30348ea8776aa8d647b548afb06f03a56b5b212c5eaae7f306121cf3b57e
GuLoader
4e11fd9ebcd710646c1c685691837f3e2d4983e9232279ece12a6db9be569ba1
GuLoader
c829830d55396b4d79630c268cc875bc59c950daac4ee0476560a2edc3f8f87a
GuLoader
caef8879c0d342104b19377c5854b3b500d1c66f46ba1f0eea7dba6ab3562bf3
GuLoader
error
GuLoader
+ 2'459 additional samples on MalwareBazaar
Result
Malware family:
vipkeylogger
Create hunting rule
Score:
  10/10
Tags:
family:guloader family:vipkeylogger collection discovery downloader keylogger spyware stealer
Link:
https://tria.ge/reports/251010-h4ze9swscw/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Drops file in Program Files directory
Drops file in Windows directory
Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Accesses Microsoft Outlook profiles
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Loads dropped DLL
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Guloader family
Guloader,Cloudeye
VIPKeylogger
Vipkeylogger family
Verdict:
Unknown
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/f0974b90-0518-4873-b830-92647a81ca59
Unpacked files
SH256 hash:
7ce7af38278c1f5a5409bf224fbcac9e3e7ed3a5f34e74f347f06c6ee75edc2b
MD5 hash:
60b32537581a3200a06fb895f7745aaf
SHA1 hash:
4d4351651013f8fc4a29058e018123d0843ee12f
Link:
https://www.unpac.me/results/765062eb-eb5d-4fe7-a6dc-a5814678ebbf/
SH256 hash:
86c8ee210e6611383a634dcb8c60455063ddae3d7adccbeacf3adf7bf2a46676
MD5 hash:
d2e45dd852a659e11897df573832f381
SHA1 hash:
19990ee627c95b6c18d3b5c5f0ec5c24791d0af5
Link:
https://www.unpac.me/results/765062eb-eb5d-4fe7-a6dc-a5814678ebbf/
SH256 hash:
c2f405d7402f815d0c3fadd9a50f0bbbb1bab9aa38fe347823478a2587299448
MD5 hash:
9625d5b1754bc4ff29281d415d27a0fd
SHA1 hash:
80e85afc5cccd4c0a3775edbb90595a1a59f5ce0
Link:
https://www.unpac.me/results/765062eb-eb5d-4fe7-a6dc-a5814678ebbf/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7ce7af38278c1f5a5409bf224fbcac9e3e7ed3a5f34e74f347f06c6ee75edc2b

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Detect_NSIS_Nullsoft_Installer
Create hunting rule
Author:Obscurity Labs LLC
Description:Detects NSIS installers by .ndata section + NSIS header string
Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/32113/

Comments