MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9d32d8de3b01e191634bdd00355a38a310475b70ba31f69015b68db822995c31. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9d32d8de3b01e191634bdd00355a38a310475b70ba31f69015b68db822995c31
SHA3-384 hash: 0349337a4f3c806c60c496b5fc11df40fa1deff5d99d80abb20031cf3d7da0a163fc9923d26d96360c10a86b39dde595
SHA1 hash: 9fbd9ee32263e04cb87fd8626ad623e8b90f6b2b
MD5 hash: 3601ee54741bf58f64aa01c0798c98ca
humanhash: twenty-alabama-monkey-equal
File name:Contract_Proforma-26-07-2021_RFQ_9R83374666446_QUDHDGEUWIWND.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:233'472 bytes
First seen:2021-07-27 15:16:57 UTC
Last seen:2021-07-27 15:50:15 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 5538543365ffa3683ea62d4da396a81b (1 x GuLoader)
ssdeep 3072:TM6neZzB8pltkBshWNeEL1NawfTuBWmknQx9Ov7R/zBHCt6:wT4kNFLCwfTOWmkI9OT/H
Threatray 1'170 similar samples on MalwareBazaar
TLSH T1DA343A43B6B24D29E1E62DF3683AB86273157C0159211E3F1184FFBE30B16D2A4697DB
dhash icon b2797c7071f8f8e8 (1 x GuLoader)
Reporter James_inthe_box
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
238
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Contract_Proforma-26-07-2021_RFQ_9R83374666446_QUDHDGEUWIWND.exe
Verdict:
No threats detected
Analysis date:
2021-07-27 15:19:02 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/63676c93-07ea-4843-9071-d79e36c98a73

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/174391/
Detection(s):
PUA.Win.Packer.ProtectSharewar-2
Create hunting rule

PUA.Win.Packer.ProtectSharewar-3
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
DNS request
Creating a window
Sending a UDP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/eeb5f071-24f1-4195-960d-4154fa455fd4
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/822462
Signature
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found malware configuration
GuLoader behavior detected
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Potentially malicious time measurement code found
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Writes to foreign memory regions
Yara detected GuLoader
Behaviour
Behavior Graph:
Download SVG
Gathering data
Threat name:
Win32.Trojan.Mucc
Create hunting rule
Status:
Malicious
First seen:
2021-07-27 15:17:06 UTC
File Type:
PE (Exe)
Extracted files:
16
AV detection:
12 of 27 (44.44%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=tuznrxr3ahqzcy2l3uadkwryumieow3qxiy7neavw2g3qiuzlqyq._file
Verdict:
suspicious
Similar samples:
0111e643db93fd27abab8725f88517e9deb9b7e2a2579084b849a523b22d18e1
GuLoader
0aaaf9c1e77b1a34004d45cac0b780ac1f67797244be20c355056251a5b478a1
GuLoader
447a0d8244572bcab27cab7d54e43ac0cd4724073d6b9deb381c78d32a97b418
GuLoader
464e32b273ff94e18247402fec1445dceb07fe8ea16490038fa64b9a23672cf0
GuLoader
5445447afbc7e74f9a827b122e1b38c4cb9715ec3dfc5bbfbf4805759bfc6eac
GuLoader
8ed09463c39d08676a3cb36e44f59d5b15df69a4a661640a53992598c4afc7dd
GuLoader
923e1d37bb37118bd66462b153d9fa0d4518898ed56f0252690a6d9eb111a0d7
GuLoader
fe7ecd7256cc42ce91c14e30096c2d220aa5f0eeb77eaf7153ea34f9d4b3af8b
GuLoader
ff1b034c7060724133c6df0aa8cf5411ec0e6775d3aca83a127617340a8c588a
GuLoader
+ 1'160 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader downloader
Link:
https://tria.ge/reports/210727-v1wtr88m9s/
Behaviour
Suspicious use of SetWindowsHookEx
Guloader,Cloudeye
Unpacked files
SH256 hash:
9d32d8de3b01e191634bdd00355a38a310475b70ba31f69015b68db822995c31
MD5 hash:
3601ee54741bf58f64aa01c0798c98ca
SHA1 hash:
9fbd9ee32263e04cb87fd8626ad623e8b90f6b2b
Link:
https://www.unpac.me/results/7c1c50c2-80f4-4703-aa06-43ffda522357/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/9d32d8de3b01e191634bdd00355a38a310475b70ba31f69015b68db822995c31

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/174391/

Comments