MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e63df6a7f5c2a30456c884959644745ee0174df416492324c5ee31635958f855. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e63df6a7f5c2a30456c884959644745ee0174df416492324c5ee31635958f855
SHA3-384 hash: 37c26932273717c586e466671eaeca5dc30318318b23fa7808304344257d18d06f630a18bbc5f5b73a7ad7c043e73881
SHA1 hash: a16a2b1406f1b4c7e05375d146276af1ed3e7685
MD5 hash: 3decb9340d920f5ccfade20e8cfc398c
humanhash: bravo-lemon-black-stream
File name:our.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-05-25 14:42:39 UTC
Last seen:2020-05-25 16:12:01 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 8a5c13e6065c4507b42b2f7519b1f413 (1 x GuLoader)
ssdeep 1536:wsmGDju5wS6cn8KadD44C2doGc7ZCsHSxB:QGDjEVSjCUoGcU
Threatray 209 similar samples on MalwareBazaar
TLSH 32B3C442B6D8FC92EE121EB14FD59E640E26BC232D624B43B14F77AD35771E12FA0216
Reporter James_inthe_box
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/5573/
Detection(s):
SecuriteInfo.com.Trojan.Heur.VP2.gm0@aefk0Tpb.22954.19979.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vbkrypt
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 14:42:29 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1da069d39e2e88c624698760567c4019ca2de990b05c429be843355a0531b51a
GuLoader
46387625361cd440a23520b7bda25f402b586d00a44229754ab776e5e1bf34f7
GuLoader
50a5970afc0a5e55eb16da4d20a7f2ab4af3386d58751b276583aad18969ccac
GuLoader
8d6e4671da660a178432514e56aaf7445ea4f03a60f20cc9b6d29826ab435975
GuLoader
b092a330b736b90c25196d0784455f5d605aae83dca16f8569451236204d0976
GuLoader
b4e68cc1125476baac15e128b8e5daacbe857a05c525da252348ba0844ecca83
GuLoader
b5e4950f8979f18ad063f3df3fb483aa88273271254201dbc0e5241b7713edc2
GuLoader
d335fad41e3f9b09effaf617e6c56554b667191c9c94f4b644a15b396408858b
GuLoader
dcafd8ba263cf7e448be257a8d25c968a0060908f93f9d02a068bb0dd482879f
GuLoader
e661bc38b20992b846232fd3d6cbe914bb46ae68b39ce7e7a348be2ba5261851
GuLoader
+ 199 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-g8x72g1v2a/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/5573/

Comments