MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d418b33e0f47d43fcc31e623c7c2b581aa9df51fb47a15414a8bb45b009f813b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 8



SHA256 hash: d418b33e0f47d43fcc31e623c7c2b581aa9df51fb47a15414a8bb45b009f813b
SHA3-384 hash: 9c650300ba4394ccb16ecab00b1fe835ad2825762b0473d3bcd4820f6fe06987cd6555daa66a10c769b94338be1bde61
SHA1 hash: 046201d7e11291c6222d319079b4e5069e80f211
MD5 hash: cd36e4c2c4aaf8d52d1606b19b8a24f4
humanhash: twelve-arkansas-five-asparagus
File name: SecuriteInfo.com.Win32.Outbreak.7132.1329
Signature GuLoader
File size: 322'920 bytes
First seen: 2022-10-25 07:38:06 UTC
Last seen: 2022-10-25 10:41:06 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash 1f23f452093b5c1ff091a2f9fb4fa3e9 (282 x GuLoader, 38 x RemcosRAT, 27 x VIPKeylogger)
ssdeep 6144:aIw3VXVyT8nteCWz+EZ03aI+Ee+LDe+PVZeanLnfXcT:hT2gCWznZkl+ENLp1zf6
Threatray 122 similar samples on MalwareBazaar
TLSH T1506402385B83F853E816557213B1E46F7770E46D3ABA080B7E279ABEF670907062E315
TrID 48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
16.4% (.EXE) Win64 Executable (generic) (10523/12/4)
10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
dhash icon 5870b4909888d8fc (1 x GuLoader)
Reporter SecuriteInfoCom
Tags: exe GuLoader signed

Code Signing Certificate

Organisation:
Issuer:
Algorithm: sha256WithRSAEncryption
Valid from: 2021-11-10T09:11:46Z
Valid to: 2024-11-09T09:11:46Z
Serial number: 0c6399918a101a5f
Thumbprint Algorithm: SHA256
Thumbprint: 8a429e6de458aa68864a7b7f2d17afecbe9f766b13525db0ce4d0b93e031b73a
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads: 2
# of downloads: 207
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: SC01083B00191208SCHK.pdf
Verdict: Malicious activity
Analysis date: 2022-10-25 01:26:54 UTC
Tags: trojan opendir exploit cve-2017-11882 loader

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Clean
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a window
Creating a file

Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
MalwareBazaar
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: GuLoader
Detection: malicious
Classification: troj.evad
Score: 60 / 100
Signature
Multi AV Scanner detection for submitted file
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Behaviour
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2022-10-24 07:15:42 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 7 of 26 (26.92%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: n/a

Behaviour
Enumerates physical storage devices
Drops file in Windows directory
Loads dropped DLL
Unpacked files
SHA256 hash: f004c568d305cd95edbd704166fcd2849d395b595dff814bcc2012693527ac37
MD5 hash: 8b3830b9dbf87f84ddd3b26645fed3a0
SHA1 hash: 223bef1f19e644a610a0877d01eadc9e28299509
SHA256 hash: d418b33e0f47d43fcc31e623c7c2b581aa9df51fb47a15414a8bb45b009f813b
MD5 hash: cd36e4c2c4aaf8d52d1606b19b8a24f4
SHA1 hash: 046201d7e11291c6222d319079b4e5069e80f211
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download (distributed via web download)
Signature: GuLoader
File: Executable exe d418b33e0f47d43fcc31e623c7c2b581aa9df51fb47a15414a8bb45b009f813b (this sample)
