MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ffde5f140ccfa44ed65b3e0e26b53988317a3bb314fae58a94d73ea47e7cb943. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ffde5f140ccfa44ed65b3e0e26b53988317a3bb314fae58a94d73ea47e7cb943
SHA3-384 hash: 4bc0075499d41f8e283b321d0fa819e3992c9cdca0222a93e5fc81d9baaaa479ded5426ac715854c119186ece90c82ee
SHA1 hash: 76cbad6cb82f0a8498aebabd79ab21f0bf5dcd49
MD5 hash: 67b2893adc3df4f21c86934d139f1c48
humanhash: fifteen-november-fanta-carolina
File name:Svinebrster.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:114'688 bytes
First seen:2021-02-02 14:42:40 UTC
Last seen:2021-02-02 16:57:53 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash b5a3f6fbbf3adb41f40267462777f44b (2 x GuLoader)
ssdeep 1536:sRDBlBAIStjE7HAKJwookJufyYV4ED0OrELJRGzT+/DBz:oXStjE7HnjufL4jOO/
Threatray 4'808 similar samples on MalwareBazaar
TLSH C1B3E677BBD1F4D6D606C4B18D12C2B81297FC319B198E03B2C4272E397ABD949A1376
Reporter Anonymous
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
177
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Svinebrster.exe
Verdict:
No threats detected
Analysis date:
2021-02-02 14:42:10 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/6a59acea-16f8-4606-b290-0e1e54615e93

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Guloader
Create hunting rule
Link:
https://www.capesandbox.com/analysis/115162/
Detection(s):
SecuriteInfo.com.Variant.Midie.78892.13182.10550.UNOFFICIAL
Create hunting rule

Win.Packed.Midie-9829106-0
Create hunting rule

Win.Malware.Generic-9829111-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
GuLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/596760
Signature
Found potential dummy code loops (likely to delay analysis)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Yara detected GuLoader
Yara detected VB6 Downloader Generic
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ffde5f140ccfa44ed65b3e0e26b53988317a3bb314fae58a94d73ea47e7cb943/
Threat name:
Win32.Trojan.Midie
Create hunting rule
Status:
Malicious
First seen:
2021-02-02 14:43:05 UTC
AV detection:
11 of 45 (24.44%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=77pf6famz6se5vs3hyhcnnjzrayxuo5tct5olcuu247ki7t4xfbq._file
Verdict:
unknown
Similar samples:
06c893904f277dff0e318a0f775bc13322a11573eecc55237d4b55b968ca51ba
GuLoader
18f4123ee42f5a29f8df7bd1cf95ab73441f082584f390aa218c2dd1134f4055
GuLoader
193a7b4684ef1fcbff753f7466d61b17e11a6335a3c47a09569ec72f181d652a
GuLoader
1da069d39e2e88c624698760567c4019ca2de990b05c429be843355a0531b51a
GuLoader
56f092288a058f47cf4a38c04dac8f8fd19a6ba34039bf7803df8928fe03d630
GuLoader
5a1ff51485fd7f49e413093ab5c705265a6d5ec108c1ce955fbe99da3d29aa33
GuLoader
7af7b083ccaf83c1b1b4c7083b4c121472846f1b7343a0a83c883a8561fc62dc
GuLoader
a6f34907ae34f485e4091ba122886cb32a2cc27856d580fe289c8861d6241f27
GuLoader
e69b8fd60587c96889281d8d227d73f3e3f279c7b40902489a4359277ae9f727
GuLoader
eca9894179ef698c8568b19123c1cea81607e5523804827c91fb12d228faf34a
GuLoader
+ 4'798 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210202-9n89btnype/
Behaviour
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
ffde5f140ccfa44ed65b3e0e26b53988317a3bb314fae58a94d73ea47e7cb943
MD5 hash:
67b2893adc3df4f21c86934d139f1c48
SHA1 hash:
76cbad6cb82f0a8498aebabd79ab21f0bf5dcd49
Link:
https://www.unpac.me/results/f191b8ac-5e26-44e8-99cd-8dfa3204cb33/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/ffde5f140ccfa44ed65b3e0e26b53988317a3bb314fae58a94d73ea47e7cb943

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/115162/

Comments