MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d4d5cdb9d12362b131de0348342451afd270d320e57cd956991945a61d2013f6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d4d5cdb9d12362b131de0348342451afd270d320e57cd956991945a61d2013f6
SHA3-384 hash: e726ae682edaddbc0ff9ab62d8bd8f89619053fb054b6ba8d21283990be85d16a1fa83a78dae918883e18a308d7134ec
SHA1 hash: 0c1d9254a83edba69ec358706f33c2874eebf277
MD5 hash: 90e3ba4a63cfeacbd50df7b942604ff5
humanhash: glucose-florida-five-robin
File name:DHL ARRIVAL SHIPMENT image.jpeg.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:90'112 bytes
First seen:2020-05-05 21:05:51 UTC
Last seen:2020-05-05 21:39:24 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash d7eaad5ed2300069862c79f9fea2fb27 (1 x GuLoader)
ssdeep 768:3Y+ZamIlDeJjZWcDlXX6xNpNOiV2knzjen28BEifJFt6Bh4v9pJBI:IOtqeJtWcZXX6x3siV2knzj4VbJJvFS
Threatray 216 similar samples on MalwareBazaar
TLSH 2893D5117EB4ED72C2147AB1DB69F2AFC7166C302971490724C47A6E6F3A6069C7231F
Reporter James_inthe_box
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
96
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Win32.GenKryptik.EJYL.5326.UNOFFICIAL
Create hunting rule

Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
rans.troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/352409
Behaviour
Behavior Graph:
n/a
Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-05-05 21:05:41 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2tk43oorenrlcmo6anedijcrv7jhbuza4v6nsvuzdfc2mhjacp3a._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
19f90b17a6bcf1c80551ae576d0949d51df8b8e26437a3a8aa6d5d4d344440c4
GuLoader
1d452b5f3e5d2b6623d0ca35793dfc051e1bf8b237e360906ed055e819235604
GuLoader
2a2329959145b50cb16c5a953ae21be4f5a6a41673991d50f2012398b3abee8e
GuLoader
2b5e50bc3077610128051bc3e657c3f0e331fb8fed2559c6596911890ea866ba
GuLoader
38d18cd2973bf872b3baabd7cc323741f8bd0c660bf9cfc91ddbb237f4618005
GuLoader
55b8c931d255cef1b2541db94a1eea700b9849c253ca5b24f31aeaf272a276c9
GuLoader
69b37a5b3044cb14a9fc32440212f242e52f657b93306f4b90cccc3087ed4773
GuLoader
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
GuLoader
b920d1987e381d9b0944672e76d927fc6e1dc90173990aa1143a1029da87d9f5
GuLoader
d5721cd6f787f4bb734a43f6c321e913a7b74a899e75ebfbc792dd5ee943dd89
GuLoader
+ 206 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-79r3ljwq4s/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments