MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 c228a5356a247fc6ed50ff785a9364a7a9656c8f30e09e82f6e3f498a7f43353. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
GuLoader
Vendor detections: 4
| SHA256 hash: | c228a5356a247fc6ed50ff785a9364a7a9656c8f30e09e82f6e3f498a7f43353 |
|---|---|
| SHA3-384 hash: | 6186b0dbb4bb85afe5d749a8fb9a12d29bae523c7acfd3e36bc466fa395f29b61d8c25e042ed0a273004f9fef553d26c |
| SHA1 hash: | 456a4c63bd381c04b3d957de504a6837d70aa82f |
| MD5 hash: | a1c3a25955bb8dd7224ff08088ff013b |
| humanhash: | mississippi-december-twenty-florida |
| File name: | ORDER.exe |
| Download: | download sample |
| Signature | GuLoader |
| File size: | 66'904 bytes |
| First seen: | 2020-05-13 10:15:00 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | 785347ac5bd5e90dd443187dc727dabe (1 x GuLoader) |
| ssdeep | 1536:LjJA87TdKKUEmBbCkM+ZzQQBa1fsMUfT:dgKUEmBbCkVQbE |
| Threatray | 5'108 similar samples on MalwareBazaar |
| TLSH | 8663E511E1F4653BE4B7EF74AE7083E54229BC382A09844F695779CACF31906E668337 |
| Reporter |  abuse_ch |
| Tags: | exe GuLoader |
Code Signing Certificate
| Organisation: | Ridd3 |
|---|---|
| Issuer: | Ridd3 |
| Algorithm: | sha256WithRSAEncryption |
| Valid from: | May 13 01:19:37 2020 GMT |
| Valid to: | May 13 01:19:37 2021 GMT |
| Serial number: | 00 |
| Intelligence: | 325 malware samples on MalwareBazaar are signed with this code signing certificate |
| Cert Central Blocklist: | This certificate is on the Cert Central blocklist |
| Thumbprint Algorithm: | SHA256 |
| Thumbprint: | B009B29C74668D3B058F1D03079A8D6367F8DC11DAB2568CDFBA3D4C124ECCBA |
| Source: | This information was brought to you by ReversingLabs A1000 Malware Analysis Platform |
abuse_ch
Malspam distributing unidentified malware:HELO: mail-rs204.nsresponse.com
Sending IP: 184.170.148.101
From: 국제 결제 <rowen@taratrading.co.za>
Subject: Re: 신속한 확인 T\x0aT 자동 알림
Attachment: invoice.img (contains "ORDER.exe")
Intelligence
File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Gathering data
Threat name:
Win32.Trojan.Injector
Status:
Malicious
First seen:
2020-05-13 16:46:20 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
21 of 31 (67.74%)
Threat level:
5/5
Detection(s):
Suspicious file
Verdict:
malicious
Label(s):
guloader
Similar samples:
+ 5'098 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
7/10
Tags:
n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
Delivery method
Distributed via e-mail attachment
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.