MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 dafcce2c7c8accbf547a0eacc1afaa148a751ce7af9b3d8d41ef476c95c9cdb8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
GuLoader
Vendor detections: 4
| SHA256 hash: | dafcce2c7c8accbf547a0eacc1afaa148a751ce7af9b3d8d41ef476c95c9cdb8 |
|---|---|
| SHA3-384 hash: | 0672a09ae376ef7b3d3281c530c05dd9f498bed2a3ba3f603da16d43d5d351ab097967b8e2b85e44a6c3fd3509edcd35 |
| SHA1 hash: | a4ea03c31d30cd4e253e66ab10414dd98acda144 |
| MD5 hash: | 14095d6d1801281c6cb5a2fbf49180f9 |
| humanhash: | failed-helium-magnesium-paris |
| File name: | E-procurement.exe |
| Download: | download sample |
| Signature | GuLoader |
| File size: | 65'536 bytes |
| First seen: | 2020-06-10 06:51:17 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | 666cd9b34ddb1e05af70e6f1fb5dc2e0 (2 x GuLoader) |
| ssdeep | 768:bBRGMjJvbviBAgCg009oc8FJZY5t3OLVXBLOWw4ThTui6Lbe:bBRG0Dg0gT8FknAvO0Tme |
| Threatray | 972 similar samples on MalwareBazaar |
| TLSH | 9A535B5B2D4CE9A3E16087703A62A4A15715BC780502BE473ECCAF5DEB325C27DE371A |
| Reporter |  abuse_ch |
| Tags: | exe GuLoader |
abuse_ch
Malspam distributing GuLoader:HELO: mail.huclangia.gq
Sending IP: 64.52.164.230
From: WTO: World Trade Organization <wto.gov@huclangia.gq>
Reply-To: admin.procurement@wto.gov
Subject: WTO Procurement
Attachment: E-procurement.zip (contains "E-procurement.exe")
GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1Dm42HfE_i6IgkQ4bauX0O1BtT3Vl0ItD
Intelligence
File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Detection(s):
Gathering data
Threat name:
Win32.Infostealer.Fareit
Status:
Malicious
First seen:
2020-06-10 06:52:14 UTC
AV detection:
26 of 31 (83.87%)
Threat level:
5/5
Detection(s):
Malicious file
Verdict:
malicious
Label(s):
guloader
Similar samples:
+ 962 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
5/10
Tags:
n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
Delivery method
Distributed via e-mail attachment
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.