MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 96568402add3b23971d79fa6730a1bd054509512e1d73cefec74c307aa46d436. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
GuLoader
Vendor detections: 4
| SHA256 hash: | 96568402add3b23971d79fa6730a1bd054509512e1d73cefec74c307aa46d436 |
|---|---|
| SHA3-384 hash: | f722a314bc750c6e8816b69225e6d807175283881daa61f939ad0f98fcbb8fd1504616796b1e123ae9091d037c9ce691 |
| SHA1 hash: | c13f2e7d76ead6c0ab4acd86ec0ee06e2ffc8b10 |
| MD5 hash: | 604cfd460f8a0c116cd9f6f0ed1a2936 |
| humanhash: | princess-crazy-iowa-gee |
| File name: | Invoice 56020xae.bat |
| Download: | download sample |
| Signature | GuLoader |
| File size: | 126'976 bytes |
| First seen: | 2020-05-08 18:32:50 UTC |
| Last seen: | 2020-05-08 20:01:32 UTC |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | cada34ced53ca6abd427fd5cb049c107 (1 x GuLoader) |
| ssdeep | 1536:2lia6K2dhmBKzvTDyeFj8kdIlTQKu70gp8Qbqy9j7M0K8kO4X02KhTvmw7U:2caBAzzvXbdKQ/70gqHyx6VOWKhX4 |
| Threatray | 204 similar samples on MalwareBazaar |
| TLSH | 26C3808573C0F697D5E80EF2475A83E115F9AC3A7D852B077BC9B11B6638A41EA20373 |
| Reporter |  jarumlus |
| Tags: | GuLoader |
Intelligence
File Origin
# of uploads :
2
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Status:
Malicious
First seen:
2020-05-08 16:52:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
5/5
Detection(s):
Suspicious file
Verdict:
malicious
Label(s):
guloader
Similar samples:
+ 194 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
7/10
Tags:
n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
Delivery method
Distributed via e-mail attachment
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.