MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e0f53d67eb5d4a5bab2f6d0bbaff502896e12572b97bf0350c88cfac3fcc5b8f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	e0f53d67eb5d4a5bab2f6d0bbaff502896e12572b97bf0350c88cfac3fcc5b8f
SHA3-384 hash:	31cd69aa849437ed69a7a12fda4904629133e9429f978bea2d53267cf4c3ace7b1391d8a3efd94f28f0a1067767cd172
SHA1 hash:	83d7a6cb77eff285ed7b1950438fa3573d5b31fd
MD5 hash:	3f695fa46992bd20300728e9245c87f8
humanhash:	uranus-three-coffee-saturn
File name:	NP__000009116_11-05-2021_08_40_37.exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	81'920 bytes
First seen:	2021-05-11 09:08:58 UTC
Last seen:	2021-05-11 09:57:51 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	ec8e962978786706cf0189109090c85e (5 x GuLoader)
ssdeep	1536:1HDgHBRiC/5r4b01V/M7FWf0Nq7Iz/a2GeD:JY4+542/YFWfea2Ge
Threatray	1'253 similar samples on MalwareBazaar
TLSH	7A83C4263F50E4B1E8C3A8F9371071B64FE23B360217A14FF38D731776B96159A16A1A
Reporter	Anonymous
Tags:	GuLoader

Intelligence

File Origin

# of uploads :

2

# of downloads :

204

Origin country :

n/a

Vendor Threat Intelligence

Detection:

Guloader

Link:

https://www.capesandbox.com/analysis/154978/

Detection(s):

SecuriteInfo.com.__vbaHresultCheckObj.16263.25786.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

GuLoader

Detection:

malicious

Classification:

troj.evad

Score:

84 / 100

Link:

https://www.joesandbox.com/analysis/778434

Signature

C2 URLs / IPs found in malware configuration

Contains functionality to detect hardware virtualization (CPUID execution measurement)

Detected RDTSC dummy instruction sequence (likely for instruction hammering)

Found malware configuration

Found potential dummy code loops (likely to delay analysis)

Multi AV Scanner detection for submitted file

Tries to detect virtualization through RDTSC time measurements

Yara detected GuLoader

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e0f53d67eb5d4a5bab2f6d0bbaff502896e12572b97bf0350c88cfac3fcc5b8f/

Threat name:

Win32.Trojan.Vebzenpak

Status:

Malicious

First seen:

2021-05-11 05:12:08 UTC

AV detection:

4 of 47 (8.51%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=4d2t2z7llvffxkzpnuf3v72qfclocjlsxf57animrdh2yp6mlohq._file

Verdict:

malicious

Label(s):

cloudeye

Similar samples:

37fba5e93049ee78ac1fdf1fafe945636680193ddcb1dc9533f2c9ac80d3744c

479f929625a3e8a8f98256c3a020f5946e0d88fd7e3582e47b63500679d46585

522735989689a96d0e10e926aae941e58a695062254573c5796bb129e4c7703e

5c2766a9b8df935b6144459c3ae5c8f6b7cab54ab844cc78ae770ed1481c4220

6147decc439b9d258f5b19f77dfa47ea441e681c49e0b699533eea18104f4092

6670269c08d80b6511029d06dfa07711a5e0bb1494107da5dc9d9d5661f010f3

6e6fa2f1d1b7e3c37b6c7a18a4bd750e6ca980741c87af931c17d2ed7e469c3e

93ff33867e6593f0e5a80ba261665c6f162bceed6cb39362811a70aa6561cf11

a5fb63409bbc68224d3e2be7511cc6a49fd205892813890c3a76feeabd5a5e56

c2544476ab17fd3fb816a97f08f16548a73c106cca80e1f5e185086d25a9f414

+ 1'243 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/210511-144jz2vhr2/

Behaviour

Suspicious use of SetWindowsHookEx

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/e0f53d67eb5d4a5bab2f6d0bbaff502896e12572b97bf0350c88cfac3fcc5b8f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/154978/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample