MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b5e4950f8979f18ad063f3df3fb483aa88273271254201dbc0e5241b7713edc2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 3



SHA256 hash: b5e4950f8979f18ad063f3df3fb483aa88273271254201dbc0e5241b7713edc2
SHA3-384 hash: 555b7c5c377dd2b1abcdeabf92aac42d4ee1de51ee1b4d2ee0f0d0a472b93137bfe5f058fe0e5b3790c584a45ea8da91
SHA1 hash: 2460d007623541ce35eacced4e45b440a8f2c819
MD5 hash: 4c28c330dbc0d26300384e448c47909c
humanhash: equal-eleven-fruit-fruit
File name: bb.exe
Signature: GuLoader
File size: 110'592 bytes
First seen: 2020-05-25 14:46:14 UTC
Last seen: 2020-05-25 16:11:58 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: e89786475379e154be146b9d0de8454a (1 x GuLoader)
ssdeep: 768:D7N2uS5SZZCcjti+LAAyCKAjd16XAdCQBb47FxkIIemlD+Ia2Dt9mak:tfS5oZC+sMj36XAdpUvkImlD+R2Dtjk
Threatray: 196 similar samples on MalwareBazaar
TLSH: 67B30803B9D9FCC2FC198FB159E699951E22BC601C205B47B81FB29D2A3758C9FB1706
Reporter: James_inthe_box
Tags: exe GuLoader

Intelligence


File Origin
# of uploads: 2
# of downloads: 67
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-25 00:07:21 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 17 of 31 (54.84%)
Threat level: 2/5
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
