MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 9e2ed2731c8644b4117f5ca507b20cdc8a1e38f0e1d20a6b7a98580552599f76. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
GuLoader
Vendor detections: 2
| SHA256 hash: | 9e2ed2731c8644b4117f5ca507b20cdc8a1e38f0e1d20a6b7a98580552599f76 |
|---|---|
| SHA3-384 hash: | 18e6703086cf06a992823770a3dfb01abbf16e0efd8d558c5d4f2861616df2678861259e04219f013d4698789f8a5e71 |
| SHA1 hash: | ab7b961f8913ab36e5b1ffeb91e0bb176902a8fe |
| MD5 hash: | ee476ba12ffc46e3827cb55147b3e6a7 |
| humanhash: | lithium-west-autumn-high |
| File name: | remittance_advice.exe |
| Download: | download sample |
| Signature | GuLoader |
| File size: | 114'688 bytes |
| First seen: | 2020-05-27 17:13:15 UTC |
| Last seen: | 2020-05-27 17:50:22 UTC |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | 64a40cba802bf4820c6b9fe4b1be9459 (1 x GuLoader) |
| ssdeep | 1536:2WDkA/Jh0YHpzgrurELeGX0FKx+EFU8H:2WDp/JhRH7rwKXEO+ |
| Threatray | 173 similar samples on MalwareBazaar |
| TLSH | C1B3E927B5908C71EC794BF20C7196E81D37BD396E144B077948FF8E2A365C92AA071B |
| Reporter |  abuse_ch |
| Tags: | exe GuLoader |
abuse_ch
Malspam distributing GuLoader:HELO: mail.neoit.es
Sending IP: 178.33.164.95
From: PAYABLES-MOTION <s.chen@motiontp.com.tw>
Subject: PAYMENT RETURNED DUE TO INVALID ACCOUNT
Attachment: Remittance_advice.arj (contains "remittance_advice.exe")
GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1c5lzohFTcu6YxSNW_ceYOkqgZKVl1rW4
Intelligence
File Origin
# of uploads :
2
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Gathering data
Threat name:
Win32.Trojan.Injector
Status:
Malicious
First seen:
2020-05-27 14:07:34 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
5/5
Verdict:
suspicious
Similar samples:
+ 163 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
5/10
Tags:
n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
Delivery method
Distributed via e-mail attachment
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.