MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a6770c3060c17eea5b16f45535cf9bd85b0c00ea22123da28137c5ba83311a0b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	a6770c3060c17eea5b16f45535cf9bd85b0c00ea22123da28137c5ba83311a0b
SHA3-384 hash:	ae5ba3b36049a739e7a452df67c2823f1d4d497f9b6c7e99d98a05d40487152541618935e637bb6536d21d1841740e9d
SHA1 hash:	192965a85e94288194812927356c3f081ed6f824
MD5 hash:	5689ea14dcb4b5b02704323f6e99c2bc
humanhash:	table-golf-batman-jig
File name:	A.ERROYEUGUI SOLICITUD DE OFERTA (091621).exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	102'400 bytes
First seen:	2021-09-16 12:11:37 UTC
Last seen:	2021-09-16 13:00:28 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	192568bbd6059cbff7dcd564f9b7c64d (6 x GuLoader)
ssdeep	1536:OL8SKrkWRzy+W58B5WGxDxRg85oZOqntx4JvZJJLnKugGR:W8Dkczy+W5oWGxs8mZ1n+bt3g
Threatray	1'542 similar samples on MalwareBazaar
TLSH	T14CA36B632064CA52C1CC46F5C9E686F234AAECC8C9C10A1FF47EBD22FC79F1656C565A
dhash icon	ceb2b2b2b28ffcd4 (6 x GuLoader)
Reporter	malwarelabnet
Tags:	exe GuLoader

Intelligence

File Origin

# of uploads :

2

# of downloads :

166

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

A.ERROYEUGUI SOLICITUD DE OFERTA (091621).exe

Verdict:

No threats detected

Analysis date:

2021-09-16 12:15:32 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/0755b1f3-6224-4cd9-86cb-2f35fefd985a

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/188415/

Detection(s):

SecuriteInfo.com.__vbaHresultCheckObj.30601.31490.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/6175223d9a5a1e91c5d2046d/reports/8706036d-24f0-4dc4-ba27-47e40e3e50f2/overview

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/0ce744e2-e5d2-4857-a06b-c87952b7d7a3

Result

Threat name:

GuLoader

Detection:

malicious

Classification:

troj.evad

Score:

92 / 100

Link:

https://www.joesandbox.com/analysis/852039

Signature

Found potential dummy code loops (likely to delay analysis)

GuLoader behavior detected

Hides threads from debuggers

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Tries to detect Any.run

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect virtualization through RDTSC time measurements

Writes to foreign memory regions

Yara detected GuLoader

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/a6770c3060c17eea5b16f45535cf9bd85b0c00ea22123da28137c5ba83311a0b/

Threat name:

Win32.Worm.Wbvb

Status:

Malicious

First seen:

2021-09-16 12:12:08 UTC

AV detection:

19 of 28 (67.86%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=uz3qymdayf7ouwyw6rktlt433bnqyahkeijd3iubg7c3vazrdifq._file

Verdict:

malicious

Label(s):

cloudeye

Similar samples:

617738e1dd2b1ca260fe4cd650b249406c2b26adf903f38e8bf7b6b6cae031e2

6cbaf335b0737ddf3f782688324856ef573d1978897299461f7a43c8efeaa008

705359998910a71e56cde4f359ad4ae767d0182b45f46615ebcbaa969fe5c5c5

da71644ee66cad527be192aefdfb9e5c70f0977d111d95e3591c8221aca1ccfc

f2e90acd9eecf1318a331ed9d7459caaff437e46c00ab2757f313d09002a4f94

fc4e44c0b91ce5f076bab43f739c4100de70423b9e867d2f34ff265e37596bd9

+ 1'532 additional samples on MalwareBazaar

Result

Malware family:

guloader

Score:

10/10

Tags:

family:guloader downloader

Link:

https://tria.ge/reports/210916-pc7e5adcg2/

Behaviour

Suspicious use of SetWindowsHookEx

Guloader,Cloudeye

Unpacked files

SH256 hash:

a6770c3060c17eea5b16f45535cf9bd85b0c00ea22123da28137c5ba83311a0b

MD5 hash:

5689ea14dcb4b5b02704323f6e99c2bc

SHA1 hash:

192965a85e94288194812927356c3f081ed6f824

Link:

https://www.unpac.me/results/59846917-2e4f-474d-b634-743e5ff9cb45/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/a6770c3060c17eea5b16f45535cf9bd85b0c00ea22123da28137c5ba83311a0b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/188415/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample