MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 87eefb05fd8c133f8a0059e1bc695f652a2f7b0c297386d7a08fb37bdb76009b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	87eefb05fd8c133f8a0059e1bc695f652a2f7b0c297386d7a08fb37bdb76009b
SHA3-384 hash:	1854e6a04f80ebc09dc44d8a58bb2ad1dc85dd70a6343aaffe2315fa76fa9e923f45e0ed883b8a78ae740db4952bf12a
SHA1 hash:	ab293504fe7636c3cfc74718973bbd1cbca05fb4
MD5 hash:	be43b751bd103fe5a64b4e0aa7a30060
humanhash:	skylark-texas-lima-speaker
File name:	SecuriteInfo.com.W32.AIDetect.malware2.23037.17205
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	1'000'520 bytes
First seen:	2022-05-26 20:44:12 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	56a78d55f3f7af51443e58e0ce2fb5f6 (728 x GuLoader, 452 x Formbook, 295 x Loki)
ssdeep	24576:Vbgt9IUnghMeF3HVojgCpaxMiicfJuAJH:9gNngXXujhpaCih
Threatray	2'843 similar samples on MalwareBazaar
TLSH	T1192522053F5CDD22C0A40CBAA9F3C64D6AB9EE00465D5A433751393EFEFE662690E11B
TrID	48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 16.4% (.EXE) Win64 Executable (generic) (10523/12/4) 10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.8% (.EXE) Win16 NE executable (generic) (5038/12/1) 7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):
dhash icon	24d2c6c6c6c6bc38 (3 x GuLoader)
Reporter	SecuriteInfoCom
Tags:	exe GuLoader signed

Code Signing Certificate

Organisation:	rinkendes Experiments
Issuer:	rinkendes Experiments
Algorithm:	sha256WithRSAEncryption
Valid from:	2022-05-26T16:42:13Z
Valid to:	2023-05-26T16:42:13Z
Serial number:	04d1e786df1e3e77
Thumbprint Algorithm:	SHA256
Thumbprint:	76b82d02656d7f6c305b3eaf4e61b6f551a23414e029c0801619ebe13a7b452c
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

1

# of downloads :

382

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

SecuriteInfo.com.W32.AIDetect.malware2.23037.17205

Verdict:

Malicious activity

Analysis date:

2022-05-26 20:46:14 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/3eb23d3b-fa7b-497b-91f9-f7c3d10ba675

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/274838/

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.50339683.3508.11989.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for the window

Creating a window

Сreating synchronization primitives

Searching for synchronization primitives

Creating a file in the %temp% directory

Delayed reading of the file

Creating a file

Sending a custom TCP request

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

control.exe overlay packed shell32.dll

Link:

https://www.filescan.io/uploads/628fe6eaafb61a38666510b8/reports/a2780d28-5633-4cca-9e19-64a43f7ae81b/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/06aeca6c-ac51-46c9-9f08-80c924ec8da2

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/87eefb05fd8c133f8a0059e1bc695f652a2f7b0c297386d7a08fb37bdb76009b/

Threat name:

Win32.Downloader.GuLoader

Status:

Malicious

First seen:

2022-05-26 20:45:19 UTC

File Type:

PE (Exe)

Extracted files:

18

AV detection:

6 of 26 (23.08%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=q7xpwbp5rqjt7cqalhq3y2k7muvc66ymffzynv5ar6zxxw3wacnq._file

Verdict:

malicious

Label(s):

cloudeye

Similar samples:

1235559275e785007232e4aee35bd0609d1e52da4900ac8526ff54b592d63c6b

704ad16ef9755c35a9f52a3cd99f8ea83a53a6f7786472b3ea458eeb9730505b

785e0ff473552935ca1c597ceabab86f74a07b7ca6bfc58531a7c2fe74539853

78f8221d10ca5af256eefa0376f55e4688e00005317ab0bfb59f5406f9ed16ae

bbd7431d0d5272927e67c43cd961df4d855a4dcd080373355f980d61ff110337

bfcd5670bfa7bc6ccbf5d9b13ef3993e852f40b1d77b6854c99d1cee1558e78a

c28bfc6622b79ac2f1b1d57425553dd13c14648be45776e5070f78624b4ae1b8

d84b6f3b066ab525f9a42b819e618196568925ebe76eafb545ce8376f1ea223c

dd1ed5209c967dd24b1a861d3eb959a0d52a3ed54a9e0e39685ec5269760f91a

+ 2'833 additional samples on MalwareBazaar

Result

Malware family:

guloader

Score:

10/10

Tags:

family:guloader discovery downloader

Link:

https://tria.ge/reports/220526-zjptrsbadl/

Behaviour

Enumerates physical storage devices

Checks installed software on the system

Loads dropped DLL

Guloader,Cloudeye

Unpacked files

SH256 hash:

8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

MD5 hash:

cff85c549d536f651d4fb8387f1976f2

SHA1 hash:

d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

Link:

https://www.unpac.me/results/67513008-cb48-4c24-9ec6-56583a717d3b/

SH256 hash:

87eefb05fd8c133f8a0059e1bc695f652a2f7b0c297386d7a08fb37bdb76009b

MD5 hash:

be43b751bd103fe5a64b4e0aa7a30060

SHA1 hash:

ab293504fe7636c3cfc74718973bbd1cbca05fb4

Link:

https://www.unpac.me/results/67513008-cb48-4c24-9ec6-56583a717d3b/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.53

Link:

https://yomi.yoroi.company/submissions/87eefb05fd8c133f8a0059e1bc695f652a2f7b0c297386d7a08fb37bdb76009b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/274838/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample