MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 993652269ced1251f59602ea3459a7e6cc440672a3af9398e66db36d99860678. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SHA256 hash: 993652269ced1251f59602ea3459a7e6cc440672a3af9398e66db36d99860678
SHA1 hash: 65de206a72ec7657dc779f5613f4a24555024eb9
MD5 hash: acf3121ae64f6ff9662927518b345f83
File name: _20200522_wj1.exe
Signature: GuLoader
File size: 106'496 bytes
First seen: 2020-05-22 09:52:40 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 87cdc30a7be3a0c49be0454d8c92f61e
ssdeep: 1536:dVTTu5SIxDWZJ2+XZ+nKot35+/IbVyT+UdSZR16:HTTCZ9WZdJnndSZj6
TLSH: C0A32831F898FE41C91C89F22EA74BB9182B7C74A5194A43F2D77B1D2A371C5992334B
Reporter: @abuse_ch
Tags: exe geo GuLoader KOR

Malspam distributing GuLoader:

Sending IP:
From: 한석 이엔지 <>
Subject: 첨부도면 견적요청 드립니다.(한석이엔지 입니다.)
Attachment: H4A2-423-EM154-302.img (contains " _20200522_wj1.exe")

GuLoader payload URL:


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 22
Origin country: FR
ClamAV: PUA.Win.Packer.ProtectSharewar-2
VirusTotal results: 23.61%

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Executable exe: 993652269ced1251f59602ea3459a7e6cc440672a3af9398e66db36d99860678 (this sample)

Delivery method: Distributed via e-mail attachment