MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 dd95ca4e9ebb20cd4d2e26adfded37285e4321ef95bcee7dd0bbaf309eac8a38. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
GuLoader
Vendor detections: 5
| SHA256 hash: | dd95ca4e9ebb20cd4d2e26adfded37285e4321ef95bcee7dd0bbaf309eac8a38 |
|---|---|
| SHA3-384 hash: | b1dd01366a0f6e769155f27f4801facdf8c05c117d2d53540d6270a1f62fe07f3797bc4f20a5a789cf8a7b0be57b6b59 |
| SHA1 hash: | d82b6f31793a0cab27094369c8c0734b6de3cb7c |
| MD5 hash: | 9fe5d007a917b4fb35603183dd698b67 |
| humanhash: | alpha-uniform-jersey-lactose |
| File name: | order.exe |
| Download: | download sample |
| Signature | GuLoader |
| File size: | 65'536 bytes |
| First seen: | 2020-06-10 06:48:53 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | c079e14d5529f056dc504be77472d3ed (1 x GuLoader) |
| ssdeep | 768:b3w6+GMjJvbviB3/bD8GqHsOmbvDqVubj0ra0GOIDLK+n3Fzu+S31T6FRob:b3kG0gXsHsOoRj5OiLK+n3wIR0 |
| Threatray | 838 similar samples on MalwareBazaar |
| TLSH | B9536B5F6D48E963E02087B0297282A56B15BC386901BF4B3E5C7F5DEA316837DD331A |
| Reporter |  abuse_ch |
| Tags: | exe GuLoader |
abuse_ch
Malspam distributing GuLoader:HELO: server.ecomotorhk.com
Sending IP: 162.144.56.225
From: Andy Chung (RINNO ALUMINUM CO., LTD) <chy5304@daum.net>
Subject: Request for Quotation - V-40795
Attachment: RFQ_F40796.pdf.img (contains "order.exe")
GuLoader payload URL:
http://149.255.36.133/bin_PqLAqQjAza233.bin
Intelligence
File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Detection(s):
Gathering data
Threat name:
Win32.Infostealer.Fareit
Status:
Malicious
First seen:
2020-06-10 06:50:14 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
5/5
Detection(s):
Malicious file
Verdict:
malicious
Label(s):
guloader
Similar samples:
+ 828 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
5/10
Tags:
n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
Delivery method
Distributed via e-mail attachment
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.