MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e45126e1fced974616b02a44e0a0d6c17d3788161010dd18a1429e69b5f6a947. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GuLoader

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	e45126e1fced974616b02a44e0a0d6c17d3788161010dd18a1429e69b5f6a947
SHA3-384 hash:	f5bc9d831f602e0e3746ee94b557d91cf1e02d4bc1cb3564aeff911cb33fe700fa30dc3f862486b1f08a88de02961f85
SHA1 hash:	cd463062a6a40ee0297aaa35213d6f4ace727902
MD5 hash:	2be4cef3c2e36231b7adcb4a159a00eb
humanhash:	potato-november-bakerloo-river
File name:	CONSTRUCCIONES Y SERVICIOS VAZQUESUR (OFERTA 092122).exe
Download:	download sample
Signature	GuLoader Create hunting rule
File size:	90'112 bytes
First seen:	2021-09-22 12:03:09 UTC
Last seen:	2021-09-22 13:40:37 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	4b82967fdfc14d4519122dc367d279d2 (7 x GuLoader)
ssdeep	1536:cO8LKTwVS4WXIf+DqjxrrkKvLU2da81pOMI/:q+ISXi+Dq1/jvLhda81Do
Threatray	5'669 similar samples on MalwareBazaar
TLSH	T120939E3A6C9FDDA7D0D6A071C94BE6F5F121AC25F60BCB076D10BEDB3930E025192166
File icon (PE):
dhash icon	78f8f2d6d4acd9d2 (12 x GuLoader)
Reporter	abuse_ch
Tags:	ESP exe geo GuLoader

Intelligence

File Origin

# of uploads :

3

# of downloads :

159

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

CONSTRUCCIONES Y SERVICIOS VAZQUESUR (OFERTA 092122).exe

Verdict:

No threats detected

Analysis date:

2021-09-22 12:10:50 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/a8cd896f-331c-481c-b3be-7a1a0c909e1d

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/190137/

Detection(s):

SecuriteInfo.com.__vbaHresultCheckObj.11697.28173.UNOFFICIAL

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/93b1f839-1eb2-4191-91fd-dac87359a29f

Result

Threat name:

GuLoader

Detection:

malicious

Classification:

troj.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/855538

Signature

C2 URLs / IPs found in malware configuration

Found malware configuration

Found potential dummy code loops (likely to delay analysis)

GuLoader behavior detected

Hides threads from debuggers

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Tries to detect Any.run

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect virtualization through RDTSC time measurements

Writes to foreign memory regions

Yara detected GuLoader

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e45126e1fced974616b02a44e0a0d6c17d3788161010dd18a1429e69b5f6a947/

Threat name:

Win32.Trojan.GuLoader

Status:

Malicious

First seen:

2021-09-22 11:52:15 UTC

AV detection:

18 of 28 (64.29%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=4risnyp45wlumfvqfjcobigwyf6tpcawcain2gfbikpgtnpwvfdq._file

Verdict:

suspicious

Label(s):

cloudeye

Similar samples:

0330d6ce24c120c8b37a691bebfe1fc023bda398d26942c2775c1bfb886a6f75

2771001533219c30ec24046a9fba6c67a665c9c48f01947e2040c65318b83f7e

407da066b56d8c792547a82e039b6d258eba85fe6f7b5dd3656813ca5c2870b3

460a85fda060cc0c8ab5a1aace37dc1f14bc400f4a3b011e613f64e0000c77b6

79e6799e2eb9dbe27b29e3707175322014ffdfbb943c791977d592017a46ad9c

7f97b36a796167d7d641a811c64ac23e7ff9998422308aec6d5753b9625f3729

d51d90494967e7f04fb03f0f0919afce4597860e34fa80bb116c8683dce0126c

+ 5'659 additional samples on MalwareBazaar

Result

Malware family:

guloader

Score:

10/10

Tags:

family:guloader downloader

Link:

https://tria.ge/reports/210922-n8ngfscdf6/

Behaviour

Suspicious use of SetWindowsHookEx

Guloader,Cloudeye

Unpacked files

SH256 hash:

e45126e1fced974616b02a44e0a0d6c17d3788161010dd18a1429e69b5f6a947

MD5 hash:

2be4cef3c2e36231b7adcb4a159a00eb

SHA1 hash:

cd463062a6a40ee0297aaa35213d6f4ace727902

Link:

https://www.unpac.me/results/fffb29a5-4caa-4bc5-9e04-a193ec731b95/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/e45126e1fced974616b02a44e0a0d6c17d3788161010dd18a1429e69b5f6a947

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/190137/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample