MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fcf4597470e4342ddf7911195ac0069baca4dcef90e31c0bbd889153312c9ba5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fcf4597470e4342ddf7911195ac0069baca4dcef90e31c0bbd889153312c9ba5
SHA3-384 hash: b18899be5a5bcaeba1c2eaa5b8b24ceb57af2aaba331626d6cf3fb953c82d3523172303598043e10e7c0056c50480176
SHA1 hash: 195ef2c03217d78a34f975e17e8b70e2746dd305
MD5 hash: 7c4367028b4ec337c4209e2825d60562
humanhash: oscar-oven-hotel-steak
File name:Invoice_FY2019201533_from_INSTAONE_INFOTECH_PVT_LTD.scr.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:176'128 bytes
First seen:2020-05-05 13:42:10 UTC
Last seen:2020-05-05 14:52:50 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash c6158dafbfc6cb9926355160c31fd89b (1 x GuLoader)
ssdeep 3072:jyHDJ9ZuThVdZRBrkxtECpaQSg8/geUAs:m+bkVeg85
Threatray 264 similar samples on MalwareBazaar
TLSH DE0453413AA1DC1DF8503AB2D3EAF1AEDB449C74F875625F25B2BD0A1B34C405EE1B29
Reporter James_inthe_box
Tags:exe GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
97
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.KillProc2.10287.31265.15137.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vebzenpak
Create hunting rule
Status:
Malicious
First seen:
2020-05-05 01:19:40 UTC
File Type:
PE (Exe)
Extracted files:
2
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7t2fs5dq4q2c3x3zcemvvqagtowkjxhpsdrryc55rcivgmjmtosq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
08573c8eb12aabb14b6645a6630c8ab937bc9e36e1883d23062bfca41bb438e8
GuLoader
4729e8e24dbf89c9ac42039bf7c462a3cdf0fe732b981eaa566cbd03a6cb4268
GuLoader
4ea2f3bcf61af074cf7b6f6b566c95bef78126999cf79a5c6b67e0df9c0b28bf
GuLoader
59537f07eaef89b19794f6c71c2e58a1d55a778804fdd614301d184495efa33f
GuLoader
712e43ae7f3f228367ad7a3208bd6f1c1f38628a699a22dd3e2744545b724344
GuLoader
828813d52e8a48831c00c3013a32b8a4f3addd4fbb3f26736a2ee17c55aa1a9c
GuLoader
b3e92239a3565de8f57e3db18b8cf4563a690e82b0072f8bd06721d6e95e8410
GuLoader
d9b4215f118a22d7ce610c93d49796c66e6d7a2177149b667d2fa0049f1d09dd
GuLoader
db1a6e4c123218f4eb1bbf4720dd0ac58ceb2ba667d5c987c5e83c45de560f35
GuLoader
fa99453512105bf46824ba46c52de05468ccee072549e41771c4f3633f94d3a2
GuLoader
+ 254 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-ra6j4hklj6/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments