MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ae82bc9492d5d94d7d5e28db012676037f48a716aba72304055f54158013aedc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ae82bc9492d5d94d7d5e28db012676037f48a716aba72304055f54158013aedc
SHA3-384 hash: 776021bc91c2d0437e4def2f8e3d29a54c5af095e6d2cf9b01423b10ea59afe10782f7b76fe51def603bc5cb409fa7a2
SHA1 hash: aed29e019ed426d599c36f80136e0558c9863867
MD5 hash: 36049bdec95c7930c97a88ca35bd156c
humanhash: sweet-mango-pasta-wyoming
File name:SecuriteInfo.com.W32.AIDetect.malware2.6033.16247
Download: download sample
Signature GuLoader
Create hunting rule
File size:239'224 bytes
First seen:2022-08-31 05:31:46 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b34f154ec913d2d2c435cbd644e91687 (527 x GuLoader, 110 x RemcosRAT, 80 x EpsilonStealer)
ssdeep 3072:6FRLmrHvTaqLbItmu+2bykL15s9o8PwEvlwhmxkVWrM+Sq2AaEHK5N/IOkj7YB1Z:QlgvTRHyJykLjWw9m+Lq2AhmOO8m7WE
TLSH T174341230A656B7B3D4E68B791976D673BBBD80212850A20B0F403A9F3DB5361E61F3C5
TrID 48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
16.4% (.EXE) Win64 Executable (generic) (10523/12/4)
10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon b2a89c96a2cada72 (2'283 x Formbook, 981 x Loki, 803 x AgentTesla)
Reporter SecuriteInfoCom
Tags:exe GuLoader signed

Code Signing Certificate

Organisation:Orkendes Busselskaberne
Issuer:Orkendes Busselskaberne
Algorithm:sha256WithRSAEncryption
Valid from:2022-07-09T08:32:56Z
Valid to:2025-07-08T08:32:56Z
Serial number: 1c2eb8580b92248f
Thumbprint Algorithm:SHA256
Thumbprint: c3e3f1f65baafba142bdfcab6f7bc2b18e2ad1eaf95e46e6770cdc827f386e25
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
221
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/306654/
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware2.6033.16247.UNOFFICIAL
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Creating a window
Creating a file in the %AppData% subdirectories
Searching for the window
Delayed reading of the file
Creating a file in the %temp% subdirectories
Searching for the Windows task manager window
Launching a process
Creating a process with a hidden window
Sending a custom TCP request
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/630ef3013e9e50b1baef10cd/reports/9b421588-b21d-45e9-a06c-c4c522914398/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1061261
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ae82bc9492d5d94d7d5e28db012676037f48a716aba72304055f54158013aedc/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=v2blzfes2xmu27k6fdnqcjtwan7urjywvotsgbafl5kblaatv3oa._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/220831-f8allabbf6/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in Windows directory
Drops file in System32 directory
Loads dropped DLL
Unpacked files
SH256 hash:
8bdd996ae4778c6f829e2bcb651c55efc9ec37eeea17d259e013b39528dddbb6
MD5 hash:
3d366250fcf8b755fce575c75f8c79e4
SHA1 hash:
2ebac7df78154738d41aac8e27d7a0e482845c57
Link:
https://www.unpac.me/results/2ce53d70-06d6-46ec-ba2d-d9ffa8ec9d60/
SH256 hash:
bb7e367bee3e91651d444db3c2f0997de914650547c66473bb201a2724d49196
MD5 hash:
6ea4aa54a7837e790c0b822dc8c27cd6
SHA1 hash:
1ed173163c496c482b36ef737fb6832e2b82cb6e
Link:
https://www.unpac.me/results/2ce53d70-06d6-46ec-ba2d-d9ffa8ec9d60/
SH256 hash:
ae82bc9492d5d94d7d5e28db012676037f48a716aba72304055f54158013aedc
MD5 hash:
36049bdec95c7930c97a88ca35bd156c
SHA1 hash:
aed29e019ed426d599c36f80136e0558c9863867
Link:
https://www.unpac.me/results/2ce53d70-06d6-46ec-ba2d-d9ffa8ec9d60/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/306654/

Comments