Extracted

• • Target

    VirusShare_4aa5734fe9c86184f931f4ddaf2d4d7b

  • Size

    64KB

  • MD5

    4aa5734fe9c86184f931f4ddaf2d4d7b

  • SHA1

    a066ccad76f3c63d053cd68ac8692d4f4acf82ac

  • SHA256

    2e18ad3e470b97415beb2cdb8e3ef7510bad21f0a5add020a7f9343dd959eeaa

  • SHA512

    7355ffd3fc59af49af1d57f5327c7442a12c8e5ddc6ec9e176cc27fd4986cd6182f5f6ce91f892c07029efcac37f90d4dd077b6bb226b54c40621b94987a044c

  • SSDEEP

    384:rdP9JIA7uJ1wK2xBpHbVbl+NGYD90pSCfZziEKffhaekBfdReVwoGHdRsArr2rOR:R9JIqNl/SSrrpBfiIdRsorZucnjtsq

  Score

  10^/10

  guloaderdiscoverydownloaderpersistence

  • Guloader family

    guloader

  • Guloader,Cloudeye

    A shellcode based downloader first seen in 2020.

    downloaderguloader

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2