MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aff13266e5803a58effdba6e01d44dd6b083db453a0dbf2528f5e729d33918fe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: aff13266e5803a58effdba6e01d44dd6b083db453a0dbf2528f5e729d33918fe
SHA3-384 hash: f03d4e7374b66c51ace613cd8cc78544c8752c854c19828ca4cb556977eb56f6b3b4d5fc91ed6f8c590c056d6d80dbd5
SHA1 hash: c8ee0af58670f3fbeb5fb9778fa225641135efa7
MD5 hash: dfcb80aaa0f9131a7ce3d0082259fd57
humanhash: august-mexico-ack-carbon
File name:aff13266e5803a58effdba6e01d44dd6b083db453a0dbf2528f5e729d33918fe.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-05-09 16:03:10 UTC
Last seen:2020-05-09 16:43:16 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 7b0a94674631cde7e378c33d51694f19 (1 x GuLoader)
ssdeep 1536:gY2Kwfv5w4Eopcf/SyOA3Yonkgse1GAh:oqSyOhok5zm
Threatray 328 similar samples on MalwareBazaar
TLSH FDB31D946AA0DC13E15979B2DB80F14DE3A6BC352831960332C6774A1F399C6DF2176F
Reporter JoulK
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.44713.20510.6017.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-05-06 16:53:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=v7ytezxfqa5fr375xjxadvcn22yihw2fhig36jji6xtstuzzdd7a._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
2abe71b49e45492b408294a415a308799ed312ff79c013924a42e53ce9c32a82
GuLoader
552f8a15f83c9c40034cbada93c326a24b8677d7413e8395bfd7f3a6461d33b3
GuLoader
83e97420dbe39c6e29e2ae3dad80f21afe93d1b6ea88962a89762cd64772db41
GuLoader
c0a66966676974f8b853ba487eb3e06e8952ccb0f9d6930bf2d1c67293ee21f1
GuLoader
d025b24f7179db8dcc6dda416f90220e9559dde564a5b24c0dc7a02fc823c97c
GuLoader
d8e693957ed5178a7f00b1c5705dae298b7e04da07d5c154a6580c031369d6ab
GuLoader
eb69f1b5d596096808339dd39376f1685bf94376491a8df091c9a788d0dc1ef9
GuLoader
ef7a8f1478e57d2dedf96a00501903b7b5a571680286502f2f329ed2c8728b2b
GuLoader
f17c37c6d5e56b96e7d603d1eafcb885b8c229cd1a6ec1d669b1dadcce59bdef
GuLoader
f85b3852381cfbabd654be01a21ffbb798a0feaa3f360fff66f27d499c174898
GuLoader
+ 318 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-yrdvzzh5dj/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe aff13266e5803a58effdba6e01d44dd6b083db453a0dbf2528f5e729d33918fe

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments