MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9e56b9c890057c4adac0a54f64720736438dcc1ba3cce009c7b510fea603f2e1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	9e56b9c890057c4adac0a54f64720736438dcc1ba3cce009c7b510fea603f2e1
SHA3-384 hash:	791eb549a6546434cc8d6591ef50c217a075c38f006d45cb2cbd78a8912abc463b999a7f8960013bd0dfd05e5853af6c
SHA1 hash:	34a0fb59668ed0d90de74a63335305e4be934749
MD5 hash:	f2bd3999f96c8edd94217df2c3d112b2
humanhash:	bravo-sweet-november-colorado
File name:	form.msi.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	102'400 bytes
First seen:	2020-05-19 14:23:08 UTC
Last seen:	2020-05-19 14:54:52 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	82227810e7061373bd342cd0c5be9c47 (1 x GuLoader)
ssdeep	1536:c1EqdNbTrc2vVsKq41AWzqyKCUerInXDCx:GXrc2vV70CUQNx
Threatray	5'116 similar samples on MalwareBazaar
TLSH	35A3E726F9549D61DA00C9FC9D58D298149FBC3419A2CA4B74CA7F6C25F29C3B9323CB
Reporter	James_inthe_box
Tags:	exe GuLoader

Intelligence

File Origin

# of uploads :

2

# of downloads :

84

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Win32.Injector.EMAG.22055.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Vebzenpak

Status:

Malicious

First seen:

2020-05-19 14:22:57 UTC

File Type:

PE (Exe)

Extracted files:

6

AV detection:

23 of 31 (74.19%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=tzlltseqav6evwwauvhwi4qhgzby3ta3upgoacohwuip5jqd6lqq._file

Verdict:

malicious

Label(s):

guloader

Similar samples:

08b47c6d183afb72f383ced4639ba73a03d9b36f06617585b3a3d28b69d1ce9f

2eb11af6d3282bc293586d723b4f411157975c6a7464bc7fecb0f11a2c8951bd

67586cd711a0de6176d2df1bde9bf36f024f893328ae9c447bdf5e636e99502b

83a9482f5fb2807da38f62dce5a40bdf154d2c26f7a3080982efa30491bb66c4

98090f606cda48999384c614b1f92bb9d0e5f1541b86d8d62bf1e6639633a271

9847005465ae681d1d9533697106492027a1d55b64b0ca1b6f2a79730a5140a4

b1ab330d8407adbc0731fd66b869bca53515ccf732d1ad498515e5e04f993de4

ca2474c82643817c50106479f991ae282b9bb24fde98721dc5f99fe9a5eb3300

cd1a9b8d7f8d830bcb13548fdd9f02a7fae07b7c49fd12bd1a7e02ed346bc010

e6ec516f652708d86ea17dfa8a860550a6be97d1d2c886d67c5bc1e2ad5a2ccd

+ 5'106 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

n/a

Link:

https://tria.ge/reports/201109-mz7xypdrae/

Behaviour

Suspicious use of SetWindowsHookEx

Suspicious use of NtSetInformationThreadHideFromDebugger

Checks QEMU agent state file

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample