MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d9b4215f118a22d7ce610c93d49796c66e6d7a2177149b667d2fa0049f1d09dd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d9b4215f118a22d7ce610c93d49796c66e6d7a2177149b667d2fa0049f1d09dd
SHA3-384 hash: 0dad4cd6cd5ce9fdcc2ef92ab38864299c452a064be67592f5fdc050553422c156cf7e53cce3401fb291a58c480807b6
SHA1 hash: 53c80abb79a35277c48c91de22968c67574a72bd
MD5 hash: 6d01886592b3e1f68ef9d2e52ef70b76
humanhash: louisiana-cat-single-nuts
File name:Payment AND Invoices.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-05-05 05:45:40 UTC
Last seen:2020-05-05 06:48:06 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash d2d5fa1fe035ecf7ba11b75342af63e8 (1 x GuLoader)
ssdeep 1536:HmPQJ0Ur+PzaPe7cyu7hJl5MhhDJX8OCofzLHkalt7:Hlrdx7/l5MhhNXDCCLHtn
Threatray 785 similar samples on MalwareBazaar
TLSH 0DB331405AE5FC1AE8A93AF2D725F09DC7806D35A871722BAAC1714F5F394909F3072B
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
93
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.44380.23474.3301.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-05-04 22:59:47 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3g2ccxyrrirnpttbbsj5jf4wyzxg26rbo4kjwzt5f6qajhy5bhoq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
08573c8eb12aabb14b6645a6630c8ab937bc9e36e1883d23062bfca41bb438e8
GuLoader
4729e8e24dbf89c9ac42039bf7c462a3cdf0fe732b981eaa566cbd03a6cb4268
GuLoader
4ea2f3bcf61af074cf7b6f6b566c95bef78126999cf79a5c6b67e0df9c0b28bf
GuLoader
59537f07eaef89b19794f6c71c2e58a1d55a778804fdd614301d184495efa33f
GuLoader
712e43ae7f3f228367ad7a3208bd6f1c1f38628a699a22dd3e2744545b724344
GuLoader
828813d52e8a48831c00c3013a32b8a4f3addd4fbb3f26736a2ee17c55aa1a9c
GuLoader
b3e92239a3565de8f57e3db18b8cf4563a690e82b0072f8bd06721d6e95e8410
GuLoader
db1a6e4c123218f4eb1bbf4720dd0ac58ceb2ba667d5c987c5e83c45de560f35
GuLoader
fa99453512105bf46824ba46c52de05468ccee072549e41771c4f3633f94d3a2
GuLoader
fcf4597470e4342ddf7911195ac0069baca4dcef90e31c0bbd889153312c9ba5
GuLoader
+ 775 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-pdvqpp5hbs/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments