MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7e4bb8db363bbb2fdb438b89700166146671fca493247486d678cbff47bec727. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7e4bb8db363bbb2fdb438b89700166146671fca493247486d678cbff47bec727
SHA3-384 hash: 16f3cc1b343ffff68bb39063f1291c717e58ed1c78ea269af810e5b6a0aaa00eda90dad90840c720878f74872eb9acb4
SHA1 hash: fea253ed51b4eaf2ee47a62e24c399a79243fac4
MD5 hash: b6d25d551f221fbdfd017198f7988af5
humanhash: south-network-artist-march
File name:Nonsuc3.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2021-04-30 02:11:45 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 76ef284e8de2d28fc688c1a2294c28b3 (1 x GuLoader)
ssdeep 1536:VteqDBq+88SWhx21ND05m/D86HZgcN7uf1kOlG:6qNqCE1mOQ65gGwvE
Threatray 5'040 similar samples on MalwareBazaar
TLSH 2DB329E2B9F3F993E245C97387097A7C50D779B11ADB6543C0C1261C1BB27E0EA3069A
Reporter Anonymous
Tags:GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
200
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Nonsuc3.exe
Verdict:
No threats detected
Analysis date:
2021-04-30 02:05:14 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/5aec77ac-7aa8-4911-8a0b-27f2ce21f821

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/147098/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/703673
Signature
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found potential dummy code loops (likely to delay analysis)
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7e4bb8db363bbb2fdb438b89700166146671fca493247486d678cbff47bec727/
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=pzf3rwzwho5s7w2droexaalgcrthd7fesmshjbwwpdf76r56y4tq._file
Verdict:
unknown
Similar samples:
0da94c587aef560c9ff0d315cff1c1e073f8ab71f31b259cb78bb9c2293ece80
GuLoader
14eb827b600c3f7ccf2af766d0fec868e6b0467eba9264f19b75427f95ef7cfa
GuLoader
537a8ea61616d62ed663a41078e2709f21698036d90668961ba6ebd16db08b86
GuLoader
7c38d073b77ff7afc8f65aac812316d0fa9356115f1f3e78aca9fd496d177cad
GuLoader
8affd0d74b7fea47b03869e3fb44a1f76144b751503eac0d8c61c203f6a081f9
GuLoader
9ad452c41af7ed761449a51cca42b89827921f70f564331a4eed7a191c37c325
GuLoader
c83ae5695c48f86c4a90f32a1c2e2cf93656d6880e8e5322f671ef79a98fe934
GuLoader
c845d091a060520675309673246e766d1e61bd90ee0e46e1ba46fc08e1cd1ead
GuLoader
d4d22a42f8307b64ffeeaa26275000213a940c1792231db0911678d7bbb2cfb9
GuLoader
e74ff01d6412f87caf49182bdf1cae9e6d7200a3c176e37b7ff14b158f1a7433
GuLoader
+ 5'030 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210430-vk8jt25nrs/
Behaviour
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
7e4bb8db363bbb2fdb438b89700166146671fca493247486d678cbff47bec727
MD5 hash:
b6d25d551f221fbdfd017198f7988af5
SHA1 hash:
fea253ed51b4eaf2ee47a62e24c399a79243fac4
Link:
https://www.unpac.me/results/46978cf1-1617-41a6-8abe-38c7100aaf7d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7e4bb8db363bbb2fdb438b89700166146671fca493247486d678cbff47bec727

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/147098/

Comments


Avatar
Rony commented on 2021-05-11 16:32:29 UTC

https://www.capesandbox.com/analysis/155145