MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bbb52396b03b10c23821b7203f56e0aba1aed9b03d5644eca8f02ead16711bc4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SHA256 hash: bbb52396b03b10c23821b7203f56e0aba1aed9b03d5644eca8f02ead16711bc4
SHA1 hash: 949212c631987070efc407743f62cf758fe2a261
MD5 hash: 4246feef32b9e07b134fcd832729256f
File name: AMENDED P.O_images..rar
Signature: GuLoader
File size: 23'477 bytes
First seen: 2020-05-23 11:51:42 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep 384:MIYftlXM5UKE0sGyHdDFhF/bFmuC1uQgNqa/E8vc51khC3u/sv3gBExpVV2GpJsy:MI27XM3E08dDF75TCk7FnsS8agbMGpxP
TLSH 96B2F1624CFC251EDF3E8D8BABD01A1C70D32F3525DA18B86B240EEB1DD73A68102145
Reporter: @abuse_ch
Tags: GuLoader rar

Malspam distributing GuLoader:

Sending IP:
From: Suzhou Liansheng Chemistry Co., Ltd.. <>
Subject: FWD: AMENDED P.O for Reference
Attachment: AMENDED P.O_images..rar (contains "AMENDED P.O_images.exe")

GuLoader payload URL:


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 19
Origin country: US
ClamAV: No detection
VirusTotal results: 8.33%
ReversingLabs: No data

File information

The table below shows additional information about this malware sample such as delivery method and external references.



rar bbb52396b03b10c23821b7203f56e0aba1aed9b03d5644eca8f02ead16711bc4

(this sample)

Delivery method: Distributed via e-mail attachment