MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b60440f67015b49577c8f2c61231ddd36c5d343373c3798bfc8cc5c2a1ce14f1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b60440f67015b49577c8f2c61231ddd36c5d343373c3798bfc8cc5c2a1ce14f1
SHA3-384 hash: 7bb3191b47f2270274da43b9a65ee056319dd2d0ed599f71d2b9c1659491e8118c3be14f7b091450d4d57cee974548bc
SHA1 hash: a862e0451b5c8fafb4b71f886768eef802c36eca
MD5 hash: 85796a4953cf434baabeefe280019892
humanhash: equal-oranges-lactose-yellow
File name:SecuriteInfo.com.Mal.Generic-S.4355.6333
Download: download sample
Signature GuLoader
Create hunting rule
File size:103'752 bytes
First seen:2021-04-27 16:51:52 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 37859d1d8591645dbfc84ab9703d27fc (1 x GuLoader)
ssdeep 1536:CO4+UsMmxXWyCN2UR1YNTFuWku67IysR83h37:qsMIWZN2UR1q0X207
TLSH BAA33AF6B500F53EE70585769324ABBC1498F8F0995DD5B3F0822A282B757E02524FBB
Reporter SecuriteInfoCom
Tags:GuLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
239
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
https://dropmefiles.com/UddXC
Verdict:
Suspicious activity
Analysis date:
2021-04-27 08:52:23 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/d0b53c8b-1a62-4583-9e90-901142a4dfd1

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/144641/
Detection(s):
SecuriteInfo.com.Mal.Generic-S.4355.6333.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/9a5b5d6a-f4b5-4bf6-a6aa-41c849d6888e
Result
Threat name:
Unknown
Detection:
malicious
Classification:
rans.evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/699373
Signature
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Hides threads from debuggers
Multi AV Scanner detection for submitted file
Potential malicious icon found
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b60440f67015b49577c8f2c61231ddd36c5d343373c3798bfc8cc5c2a1ce14f1/
Threat name:
Win32.Spyware.BtcWare
Create hunting rule
Status:
Suspicious
First seen:
2021-04-27 03:10:05 UTC
AV detection:
17 of 28 (60.71%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=wyceb5tqcw2jk56i6ldbemo52nwf2nbtopbxtc74rtc4fiooctyq._file
Verdict:
unknown
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210427-1c8xsg2lhs/
Behaviour
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
b60440f67015b49577c8f2c61231ddd36c5d343373c3798bfc8cc5c2a1ce14f1
MD5 hash:
85796a4953cf434baabeefe280019892
SHA1 hash:
a862e0451b5c8fafb4b71f886768eef802c36eca
Link:
https://www.unpac.me/results/f267fb0c-633d-42c9-836c-a3a1a1d86de7/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
GuLoader
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b60440f67015b49577c8f2c61231ddd36c5d343373c3798bfc8cc5c2a1ce14f1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/144641/

Comments