MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ea36f17e9a118b567da5b9be48f13527cdd109da17d5e5abb0809f9356622f9b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ea36f17e9a118b567da5b9be48f13527cdd109da17d5e5abb0809f9356622f9b
SHA3-384 hash: 153e4349692c636ce4bd6fba699622fda489af6f1113fd43c4bf2800dda7e9076f5a1fce58c210c5f15a7b8381b7ce6a
SHA1 hash: 2c29267c98ff52bb6a44e3e3dca1c0d1c668c870
MD5 hash: 6540b24ec7d131ccbc57624915f9180c
humanhash: angel-lactose-fifteen-romeo
File name:Zahlung_03242021_jpg.scr
Download: download sample
Signature GuLoader
Create hunting rule
File size:98'304 bytes
First seen:2021-03-25 07:09:26 UTC
Last seen:2021-03-29 14:15:25 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 0ecd972e837a1a17658b43cce3314253 (2 x GuLoader)
ssdeep 1536:8g9twd+oMfleXcQ2T9gg86snOuC194pnLbl8Xc0Eew04nPai0Kt:8nQeXoT1W19259i0
TLSH 71A3B4F3D5E98F50EA21B2334484D52D2755E8253712CFC71E247A4E2CBC613ADB2BA6
Reporter TeamDreier
Tags:GuLoader

Intelligence

File Origin
# of uploads :
4
# of downloads :
290
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Zahlung_03242021_jpg.scr
Verdict:
No threats detected
Analysis date:
2021-03-25 07:13:13 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/fe886bb3-56f2-434c-9083-ca3cb6cba4d3

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.45968843.1022.8448.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Gathering data
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/653410
Signature
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Found potential dummy code loops (likely to delay analysis)
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Yara detected VB6 Downloader Generic
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ea36f17e9a118b567da5b9be48f13527cdd109da17d5e5abb0809f9356622f9b/
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2021-03-25 04:21:19 UTC
AV detection:
3 of 48 (6.25%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5i3pc7u2cgfvm7nfxg7er4jve7g5cco2c7k6lk5qqcpzgvtcf6nq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210325-pccqrcya92/
Behaviour
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
ea36f17e9a118b567da5b9be48f13527cdd109da17d5e5abb0809f9356622f9b
MD5 hash:
6540b24ec7d131ccbc57624915f9180c
SHA1 hash:
2c29267c98ff52bb6a44e3e3dca1c0d1c668c870
Link:
https://www.unpac.me/results/cec78684-6ebe-4278-91d4-5f826c58aac8/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.10
Link:
https://yomi.yoroi.company/submissions/ea36f17e9a118b567da5b9be48f13527cdd109da17d5e5abb0809f9356622f9b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments