MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b93f8ab520d94792e242a0c903ef2a8cce77a3a9f969e44749e4f2768333d96e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b93f8ab520d94792e242a0c903ef2a8cce77a3a9f969e44749e4f2768333d96e
SHA3-384 hash: cc46da446657954f951d8ecd20326564dcc4721178293c85bc949d36bca6af315b2967e89f1a60419f981d801ae75335
SHA1 hash: cd6428253bd54d6cff151ae1074d09166a6ae50f
MD5 hash: ffe910260cdab6d20ea3450b247eed0d
humanhash: muppet-march-magnesium-cup
File name:PRMIE.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-05-13 09:53:19 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 0dcde6449ff60f55b3e1148249005121 (1 x GuLoader)
ssdeep 768:1MhhyGAjAadvJBtjN1+08O8wlHsB/iP7oaAyiApDbFzOna2BAGdrnHmh+:ohQNdxvN1L8WlMBKg8F4z
Threatray 5'142 similar samples on MalwareBazaar
TLSH 27931B17B2994622D2745A71DB2CCBEC036BAD202D414C433AC43F9C1A37AA5A6F7377
Reporter abuse_ch
Tags:exe geo GuLoader KOR


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: toi12.com
Sending IP: 173.82.154.37
From: 서진효 <daewon77@daum.net>
Reply-To: daewon77@daum.net
Subject: REMINDER [울산북항 LNG PKG]Request for Quotation_터미널 1단계 LNG Package 건설공사
Attachment: Required Equipment Item Specification_8915963B.img (contains "PRMIE.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.ArtemisFFE910260CDA.19965.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-13 05:09:38 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xe7yvnja3fdzfyscudeqh3zkrthhpi5j7fu6ir2j4tzhnazt3fxa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
5628310c6fe718d77dadbc5c8cb6238faa27942517b590c2a87c07aadca429d6
GuLoader
7f6459ace4d6259e61c8170563af8a30f25568457902f4f717c8ad17574efab6
GuLoader
8842ac3497c777517b2f18152eabaa0994a460d249773a5e89a4e16bca2bd741
GuLoader
9847005465ae681d1d9533697106492027a1d55b64b0ca1b6f2a79730a5140a4
GuLoader
9fba6ffeb90dd242748718d8272a4942496e76a4f68bdb4dd42f93b044b5ed50
GuLoader
b1ab330d8407adbc0731fd66b869bca53515ccf732d1ad498515e5e04f993de4
GuLoader
b228d75e595d01315f96909833ea8c7cb694dda499c54aaf3e261d2c7275cba5
GuLoader
d7aef406cc623d210aa08b240098e0976b28d745685385b8aee5df41e78e5e4e
GuLoader
ebb1d3f1ac0d238e6eb3ae96d4ebc49fb5a38c8669e74e65145c858339211dc7
GuLoader
f38d170b1da421aa60e778a64fec953d3058336f7cb06568ba7926495fe87f0c
GuLoader
+ 5'132 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-hhk91nhy9e/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

img d99c4612278f06ef3b3376391a0cbe4b5cd7a683b18c3c2e35731cea3cea8fc7

GuLoader

Executable exe b93f8ab520d94792e242a0c903ef2a8cce77a3a9f969e44749e4f2768333d96e

(this sample)

  
Dropped by
MD5 3dd37b7942aaceda5d2db157b9b6bcaf
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 d99c4612278f06ef3b3376391a0cbe4b5cd7a683b18c3c2e35731cea3cea8fc7

Comments