MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dd2e44f31e3158a713931d11f336664a5b23890471461ffd06a5515bca9485c1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dd2e44f31e3158a713931d11f336664a5b23890471461ffd06a5515bca9485c1
SHA3-384 hash: ce3a95d9d9cf10cd3b83f8262d3587470c9bc1651fc79945a5152b0da7971d2192a506d89f5f4423746238680bb822a0
SHA1 hash: 0e81a911c016cb15a0f4bcb80c0ba0427953edc7
MD5 hash: 9d7f4dcaf5e6ef75ed4eae0f16dfc7d7
humanhash: mountain-ink-cardinal-princess
File name:Tracking No_SINI0035249718.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:102'400 bytes
First seen:2021-01-25 14:28:08 UTC
Last seen:2021-01-25 17:23:08 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 901434c98a0ac9771b4195fb76cfab24 (2 x GuLoader)
ssdeep 1536:RWZsVu2tSB8dwLgo/WDkfzvx1IbxuO0zd2gGOc4cffuxX1:i8u2I63iFfzp1iD0B2gGOc4cut1
TLSH D0A31895B380F266D15D8DF04F5302B832846D30293A5FD7E2C2362D6771AD29BED7A2
Reporter James_inthe_box
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
254
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Tracking No_SINI0035249718.exe
Verdict:
No threats detected
Analysis date:
2021-01-25 14:33:59 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/efa863fa-d482-4753-be1c-6aab1343fa57

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Guloader
Create hunting rule
Link:
https://www.capesandbox.com/analysis/113714/
Detection(s):
SecuriteInfo.com.Trojan.VbCrypt.1970.17579.19260.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/589470
Signature
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Yara detected VB6 Downloader Generic
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/dd2e44f31e3158a713931d11f336664a5b23890471461ffd06a5515bca9485c1/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-01-25 10:05:39 UTC
File Type:
PE (Exe)
Extracted files:
2
AV detection:
16 of 28 (57.14%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=3uxej4y6gfmkoe4tdui7gntgjjnshcieofdb77iguvivxsuuqxaq._file
Verdict:
unknown
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210125-nmt6cwq7jn/
Behaviour
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
dd2e44f31e3158a713931d11f336664a5b23890471461ffd06a5515bca9485c1
MD5 hash:
9d7f4dcaf5e6ef75ed4eae0f16dfc7d7
SHA1 hash:
0e81a911c016cb15a0f4bcb80c0ba0427953edc7
Link:
https://www.unpac.me/results/fad30009-e9c4-4a25-84c7-9da5f02ef5d7/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.42
Link:
https://yomi.yoroi.company/submissions/dd2e44f31e3158a713931d11f336664a5b23890471461ffd06a5515bca9485c1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/113714/

Comments