MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9d13ac84ad63d41cfe44d18740193af498ac345ea1332d2759d4f4bc424b12b3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9d13ac84ad63d41cfe44d18740193af498ac345ea1332d2759d4f4bc424b12b3
SHA3-384 hash: 9e4c1dd24a9c66027d9588075ac24874147f39e35bc7bf24c81e90e4f113bd30b7b59c2c161414885b1ffc93b2aaa806
SHA1 hash: d6c562c165809438d1b9d87d74e1372d9e741ac9
MD5 hash: 636cb36c1f8ebb57adc883fdcce864d1
humanhash: nuts-lithium-single-july
File name:Order Specifications.XLSX
Download: download sample
Signature GuLoader
Create hunting rule
File size:11'368 bytes
First seen:2020-04-28 20:07:55 UTC
Last seen:Never
File type:Excel file xlsx
MIME type:application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
ssdeep 192:ODpj1mxVc4oaxxm0mvEQ/DaMScWxZWWwRVPM0Z5vWnBadec6UhNQzRFf/sC:Ox+VcoxxMvEQ/DaMSPZa+0jWYec6UhWD
Threatray 75 similar samples on MalwareBazaar
TLSH BF328D5A67C24BBEF3C4A03AB08C31A847593FB414525196D2E0AACD1AFF8967E5C309
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Malware.XML.Autoload-1.UNOFFICIAL
Create hunting rule

TwinWave.EvilDoc.EQAndMisCasedOleNativeWasTheCaseThatTheyGaveMe.20200215.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Document-Word.Exploit.CVE-2017-11882
Create hunting rule
Status:
Malicious
First seen:
2020-04-28 19:57:24 UTC
File Type:
Document
Extracted files:
14
AV detection:
29 of 48 (60.42%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
6005ff1373b7a3600ad4b5700b4d9b6c13827015a97fea1b030189655bd8e986
GuLoader
668ec5b9759f0349cc79113c4d2bb62ebf2239de79532f97248b242df8608a3c
GuLoader
69e3e7a0726435f1d48dc9d56db3a3759fb038b9c8b7506ce48e5efc5460d839
GuLoader
8a92e6115a329e47ab36222d86ea3f58f56b0a58b1010d2da280067346f38b21
GuLoader
8ad873e8543935a9cc12317f90676019801257de4b0845414a7df058e03d6d7f
GuLoader
99b9b649c59745f1544c91ffe35dad1e1529c9cb6715325c95ee396bbe3db2ab
GuLoader
9b2ad325e0cda26d0cd3769bea307050581d5c38d40d1281ff7e6b56420369cd
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
c4d2bbc3c3b3adae600631e9ab22124ce0b92588af7fabe69183469e0644cd4b
GuLoader
ca9cc4ff6c8597a999bf16b9f64f709b48add9b3ae2a2556cde2a80cdc75fa4e
GuLoader
+ 65 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:SharedStrings
Create hunting rule
Author:Katie Kleemola
Description:Internal names found in LURK0/CCTV0 samples
Rule name:win_alina_pos_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator
Rule name:win_gootkit_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments