MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7cf84b862a71086f6b039b4b0ea9043aa49440c523d9377d9eef18f6b5974b26. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	7cf84b862a71086f6b039b4b0ea9043aa49440c523d9377d9eef18f6b5974b26
SHA3-384 hash:	fcf37646d4978ba5e27fd628a7149ae21bc66f8dc4e79150f5cc745c46ed13e4aa3f704e4b0b9021b0333b156d367cd1
SHA1 hash:	a3a911a351fead012d430f99deafa1b0b4b594f0
MD5 hash:	3e9d9b397d0fde6dad3ce778815f2b21
humanhash:	lake-carolina-angel-spaghetti
File name:	SecuriteInfo.com.Trojan.DownLoader36.39245.27274.3571
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	122'880 bytes
First seen:	2021-02-05 12:09:48 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	3002aa90a6228138c61e6ac642f2d8b4 (5 x GuLoader)
ssdeep	1536:Z9ORxj4JSgNl9g0da2YX0ZHKkaPYuyuZlYfXDrfbBBATyP5:yxpMbha2YXMPuHGvbD5
Threatray	1'411 similar samples on MalwareBazaar
TLSH	0BC3D7A3B680F7A2E249C5B19B19C2FD02876C30FB154903F1C27B6D76B4AE44D68776
Reporter	SecuriteInfoCom
Tags:	GuLoader

Intelligence

File Origin

# of uploads :

1

# of downloads :

167

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

SecuriteInfo.com.Trojan.DownLoader36.39245.27274.3571

Verdict:

No threats detected

Analysis date:

2021-02-05 12:12:25 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/c5604096-0fc5-4c2c-bc2e-32c5a34a331c

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

Guloader

Link:

https://www.capesandbox.com/analysis/115732/

Detection(s):

SecuriteInfo.com.Trojan.DownLoader36.39245.27274.3571.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

DNS request

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

GuLoader

Detection:

malicious

Classification:

troj.evad

Score:

76 / 100

Link:

https://www.joesandbox.com/analysis/600203

Signature

Contains functionality to detect hardware virtualization (CPUID execution measurement)

Found potential dummy code loops (likely to delay analysis)

Multi AV Scanner detection for submitted file

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect virtualization through RDTSC time measurements

Yara detected GuLoader

Yara detected VB6 Downloader Generic

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7cf84b862a71086f6b039b4b0ea9043aa49440c523d9377d9eef18f6b5974b26/

Threat name:

Win32.Trojan.Guloader

Status:

Malicious

First seen:

2021-02-04 10:03:35 UTC

AV detection:

27 of 29 (93.10%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=pt4exbrkoeeg62ydtnfq5kiehksjiqgfepmto7m654mpnnmxjmta._file

Verdict:

unknown

Similar samples:

0940b9701bebcf58004ba4089e5d0d6ebbf882da6fce307f24b254f243063439

4290d442e13dea4987b3439a97deabd09dc72d8b38fff572ea287d1c4e9b71bd

4c6997804d58c9362349c9d5905e52c1e4a41c4db83541a3bf4f72097c8205f6

5a854fc001ad2ec948cc93914a017c8bab4a0acc9ad7f4c8a91bf983bb493b97

5d55ad4b75f1106d59cc53b92d90c8f343c5d893c774d436f44ae5508714f443

778ec854f98646f3bc9f4b4aa609b5d96eb78f073935060418135518953d949d

7b71b12d30d6ce6adb82e9f8c105c1f1cc36ed8744b0c21cfa8aa08d21119f08

a8f3dde862d7e81876c11ee41a7d5c6594e72e67d12496461157c56e24c10a35

d1d9e9253d722a52cab9606aec1d7d7629b4316b0c89c54406bfd595ca7bfbca

ebc82e867e1280af5cb01ed64745b4a4e5fa48c2ea64557bbaeb7b391e852c2f

+ 1'401 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/210205-mgl5tx9r4a/

Behaviour

Suspicious use of SetWindowsHookEx

Unpacked files

SH256 hash:

7cf84b862a71086f6b039b4b0ea9043aa49440c523d9377d9eef18f6b5974b26

MD5 hash:

3e9d9b397d0fde6dad3ce778815f2b21

SHA1 hash:

a3a911a351fead012d430f99deafa1b0b4b594f0

Link:

https://www.unpac.me/results/bf57903c-784c-4986-a3a6-e36d707e0a10/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Vcrypt

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/7cf84b862a71086f6b039b4b0ea9043aa49440c523d9377d9eef18f6b5974b26

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 7cf84b862a71086f6b039b4b0ea9043aa49440c523d9377d9eef18f6b5974b26

(this sample)

Cape

Cape

https://www.capesandbox.com/analysis/115732/

URLhaus

https://urlhaus.abuse.ch/url/990809/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample