MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7cfa97a92b4242af9657fe87263b30a68d06f7d360c565f362794618713e1774. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7cfa97a92b4242af9657fe87263b30a68d06f7d360c565f362794618713e1774
SHA3-384 hash: 5eb84640113f437026842978767df03bdf0314a100a883b7aa5e8a9972dbb0e55b66bd83cba1b96867d1f3816ba5dec2
SHA1 hash: 389eba7bcdefb93730142555028049f740af596a
MD5 hash: fc068e9066b203373bf4ee41556cbd5f
humanhash: eighteen-diet-nineteen-jersey
File name:PO_00405020.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:143'360 bytes
First seen:2020-05-06 18:41:50 UTC
Last seen:2020-05-07 09:22:40 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f5060099cfc52e20fab333b16b8ae3d0 (1 x GuLoader)
ssdeep 3072:+ZRI68N/1UOoGdC3CS0pI5i20ixUFdzhBGEoazN92re:+md1FdoC9Ii2BxKdz/FrzN92r
Threatray 306 similar samples on MalwareBazaar
TLSH 8EE33F985A88EC13D46878B2EB82F95ED3942D35B832721773C0772E2B35591DE2137B
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
3
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.44740.30464.24285.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-06 19:37:27 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
025ce893661f87afc7352a9f89403e337a4e6d982ef3d97cf19e74674cbdeed3
GuLoader
133b27bbf63dcf79d89bbf8b46be58d0219323be3d3e428f5e1c7feba7c55f89
GuLoader
2b7498abb82bfc105fb641bc1b9e9da602bfeefb252dd8d16d7c1e4fbc3a4668
GuLoader
2ea5a4fb25528051254f255dc64913ca7d4faa1ecba2f40a55b536f871624fb9
GuLoader
504cd8dcf16b6e6b55271ef9bcd8603916ec5f81fdeb0615e3c970954d50a7f0
GuLoader
5da6c70f145dcb4c50abe95e6b641d3a4c24fbc74f02b19aa40e574b25eaecba
GuLoader
8077b9d3b809c1b66793e7292d7afdb401efa60fe9be607bb48a30bcf005af06
GuLoader
bb2faadcbc0d7c66a84bb763e34cc811194f21a2222541a62fd1c0d9d3ce6c42
GuLoader
ddf6f04276c1d976e62e199e6c928fb7a3d7aaec455a1859f8d8f605c89ffc64
GuLoader
e0c1fb97e28bc9944bc045ee772dd8da34a985a9e410764734eacdb35429cd1b
GuLoader
+ 296 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-824k24n7be/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

ace ca801ba50731615aead8609b5aab53cdbecef0312e71f154ea68bd36f96228ae

GuLoader

Executable exe 7cfa97a92b4242af9657fe87263b30a68d06f7d360c565f362794618713e1774

(this sample)

  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 ca801ba50731615aead8609b5aab53cdbecef0312e71f154ea68bd36f96228ae
  
Dropped by
MD5 12cd20eda6d4f01cbb3a95c3e6857bd2

Comments