MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cdd2c8120d61247bbb83f791071f2d99227cb3f0e5129096441ebef1ab014965. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 16


Intelligence 16 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cdd2c8120d61247bbb83f791071f2d99227cb3f0e5129096441ebef1ab014965
SHA3-384 hash: 620d4a5a8f06004c956dee7c3f26fb7672d947d6eac25b437fb7a8ddf7fc6cadd725092a5976dfa4d9497be99945b423
SHA1 hash: 004e30a4a2ebe306cd71dfe28dd011289cb5a348
MD5 hash: b85b09a61390b3c5a1c70ee916fb80a3
humanhash: winner-west-vermont-moon
File name:cdd2c8120d61247bbb83f791071f2d99227cb3f0e5129096441ebef1ab014965
Download: download sample
Signature GuLoader
Create hunting rule
File size:3'276'309 bytes
First seen:2025-09-03 10:32:50 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 84062c623770f0d888e4ca58451aa7ad (10 x GuLoader, 1 x Formbook, 1 x RemcosRAT)
ssdeep 98304:bQc82PKZlI758JxP6bfNVxGLrBAwZhTwGL2bAAU0:bQc86t6EbqrVZh8G/AU0
Threatray 700 similar samples on MalwareBazaar
TLSH T15BE5337971838FEBCE85FB707DB3D8A346A41C149D4D7B777A803E8B243611A6D0A264
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10522/11/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika pebin
Reporter JAMESWT_WT
Tags:exe GuLoader starmanx-org

Intelligence

File Origin
# of uploads :
1
# of downloads :
108
Origin country :
IT IT
Vendor Threat Intelligence
Malware family:
guloader
Create hunting rule
ID:
1
File name:
cdd2c8120d61247bbb83f791071f2d99227cb3f0e5129096441ebef1ab014965
Verdict:
Malicious activity
Analysis date:
2025-09-03 10:44:10 UTC
Tags:
guloader
Link:
https://app.any.run/tasks/dd6c0667-ad3e-4ec6-9631-47f59435e5f6

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Guloader
Create hunting rule
Link:
https://www.capesandbox.com/analysis/24903/
Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68b8197beb163e0ec1843c20
Tags:
injector virus blic
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a window
Creating a file in the %AppData% subdirectories
Searching for the window
Creating a file
Sending a custom TCP request
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
adaptive-context anti-debug blackhole installer microsoft_visual_cc nsis overlay
Link:
https://www.filescan.io/uploads/68b8198339a6221faa7c582c/reports/a1fdd4af-1084-4023-b98d-c7cff5b2c105/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/cdd2c8120d61247bbb83f791071f2d99227cb3f0e5129096441ebef1ab014965
Verdict:
Malicious
File Type:
exe x32
First seen:
2024-08-05T19:16:00Z UTC
Last seen:
2024-08-05T19:16:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/cdd2c8120d61247bbb83f791071f2d99227cb3f0e5129096441ebef1ab014965/results?tab=lookup
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/51c4478e-2659-4bd8-a2d3-1c4d82065e01
Score:
97%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/cdd2c8120d61247bbb83f791071f2d99227cb3f0e5129096441ebef1ab014965
Verdict:
inconclusive
YARA:
5 match(es)
Tags:
Executable NSIS Installer PE (Portable Executable) PE File Layout Win 32 Exe x86
Link:
https://app.malva.re/file/b85b09a61390b3c5a1c70ee916fb80a3
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cdd2c8120d61247bbb83f791071f2d99227cb3f0e5129096441ebef1ab014965/
Threat name:
Win32.Trojan.Makoob
Create hunting rule
Status:
Malicious
First seen:
2024-08-06 00:25:52 UTC
File Type:
PE (Exe)
Extracted files:
9
AV detection:
17 of 36 (47.22%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zxjmqeqnmeshxo4d66iqohznterhzm7q4ujjbfsed27pdkybjfsq._file
Verdict:
malicious
Label(s):
cloudeye
Create hunting rule
Similar samples:
102c57004decd2173d86522467863123425f1ecccf37561fa34fca5c1de1c402
GuLoader
2fd3d4a53dba424e61cab4f1f7b2f6d02079e0d0f06ed91dcc9f5214b1ee174a
GuLoader
31ee08e0aad9297988beb54957c0fa5bce2d9b1d0d2c16e4932e247c73c19348
GuLoader
49784cd5f974b8266ed02105bc6be8d04b7c7f798726caf15e052ba83a2b4c40
GuLoader
6b023387ea48536d7900b1caff4c3568eb8761b55e0559b5680258bf28c55eec
GuLoader
8cd2c50d76ca6672c8f99a66343af62f3a41c35a141f478f55044198ba8147c9
GuLoader
a6d472279fb47d3881bae4e241d50a96af105b40b82af5cb71ec8f4991bd22f7
GuLoader
cb1ee7fa3edcc9795877868ad56cf32b9d6c3d95ea59d348e55c2b5caf87a180
GuLoader
cdb8d74735fd803936cbb3f259418fa76aa5fa7ad03f8cba3b7d310006052e61
GuLoader
e9b303f24082eaf87853558d2d427ad2eecc78acd538d37e1f4397d378b47c27
GuLoader
error
GuLoader
+ 690 additional samples on MalwareBazaar
Result
Malware family:
guloader
Create hunting rule
Score:
  10/10
Tags:
family:guloader discovery downloader
Link:
https://tria.ge/reports/250903-mlsl8atrw7/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Drops file in Program Files directory
Drops file in Windows directory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Loads dropped DLL
Guloader family
Guloader,Cloudeye
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/33adef86-b59b-4c6d-bcaa-20389c5f98e2
Unpacked files
SH256 hash:
cdd2c8120d61247bbb83f791071f2d99227cb3f0e5129096441ebef1ab014965
MD5 hash:
b85b09a61390b3c5a1c70ee916fb80a3
SHA1 hash:
004e30a4a2ebe306cd71dfe28dd011289cb5a348
Link:
https://www.unpac.me/results/cfc88ab6-3eea-4078-81dc-d488d6ae5b15/
SH256 hash:
edf12a3040cff0d801a86c02313d6605b41d766807f3dcb261754cf01b4e14b9
MD5 hash:
e227391c7ff576135eac4871e78ebe2d
SHA1 hash:
85d4bdbb79bdc47095ca35ed2141b2e64d029218
Link:
https://www.unpac.me/results/cfc88ab6-3eea-4078-81dc-d488d6ae5b15/
Malware family:
GuLoader
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/cdd2c8120d61/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/cdd2c8120d61247bbb83f791071f2d99227cb3f0e5129096441ebef1ab014965

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_AllMal_Detector
Create hunting rule
Author:DiegoAnalytics
Description:CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication
Rule name:Detect_NSIS_Nullsoft_Installer
Create hunting rule
Author:Obscurity Labs LLC
Description:Detects NSIS installers by .ndata section + NSIS header string
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/24903/

Comments