Extracted

• • Target

    1e6b0b8ccd020dbe46b92b0db77c1562820ea85e3a1cd7d43710ff88473f9346.exe

  • Size

    60KB

  • MD5

    ffb001f4c074a6fe90d5dc3b6fd41cc4

  • SHA1

    454bbfdfeccc5d3c4e7dc1825652d28baf4b3979

  • SHA256

    1e6b0b8ccd020dbe46b92b0db77c1562820ea85e3a1cd7d43710ff88473f9346

  • SHA512

    dc6b9d74380eb48ff840616194966470a5c621b3591f3c298986977b3cd2dfa118d0bf6c96e7ebf3c74f836938eb90b0e684bbcfadd907c357b33f9176bdaab4

  • SSDEEP

    384:3TlcjrzwmhJdHaYGsb5PITPQlG4G4czruJjDPs6pvCYHP1HA3cF:343wOEowTPP14hjNpd1HA3c

  Score

  10^/10

  guloaderdiscoverydownloader

  • Guloader family

    guloader

  • Guloader,Cloudeye

    A shellcode based downloader first seen in 2020.

    downloaderguloader

  • Checks QEMU agent file

    Checks presence of QEMU agent, possibly to detect virtualization.

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2