MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8889140ce8f51cfc74f4e3f751eb8cb73791a95524f87d66c33b8ac2fc552bf3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: 8889140ce8f51cfc74f4e3f751eb8cb73791a95524f87d66c33b8ac2fc552bf3
SHA3-384 hash: 11c1af54e556f655b057634d371b56cab216d3f5c4b06f9296f5a881596235e5627c3cc45c0072e7b74b7e9b33fb3a27
SHA1 hash: 0a9322f92bed55736d11c842756f9c74a97bdfe6
MD5 hash: c3c5bda2d373ea6e6b3dcb882348bcc1
humanhash: two-beryllium-nitrogen-september
File name: SecuriteInfo.com.Fareit-FTAC3C5BDA2D373.13136
Signature: GuLoader
File size: 114'688 bytes
First seen: 2020-05-11 21:49:17 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: d2781af78592ec55b70735ddff086378 (1 x GuLoader)
ssdeep: 1536:WB4ujbfpuwSn6t/QzN4InJm0FijxOMr2rS78xSBAgljPOwcAdrgz/p+zIsFw/RDT:BWbgwt/uyIJYzIRpDT
Threatray: 775 similar samples on MalwareBazaar
TLSH: 31B3F95416D4D11BD6BF8DF1179262DAD2AEAD3E74023B131BC2330EE736C41AA9137A
Reporter: SecuriteInfoCom
Tags: GuLoader

Intelligence


File Origin
# of uploads: 1
# of downloads: 83
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-11 18:59:26 UTC
File Type: PE (Exe)
Extracted files: 2
AV detection: 24 of 31 (77.42%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments