Play interactive tourEdit tour
Analysis Report http://covid19vaccine.hopto.org/march%20OG.exe
Overview
General Information
Detection
GuLoader
Score: | 88 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected GuLoader
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Yara detected VB6 Downloader Generic
Abnormal high CPU Usage
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Detected potential crypto function
Downloads executable code via HTTP
Drops PE files
PE file contains strange resources
Potential browser exploit detected (process start blacklist hit)
Uses code obfuscation techniques (call, push, ret)
Classification
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_VB6DownloaderGeneric | Yara detected VB6 Downloader Generic | Joe Security | ||
JoeSecurity_GuLoader | Yara detected GuLoader | Joe Security |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
Click to jump to signature section
Show All Signature Results
AV Detection: |
---|
Antivirus / Scanner detection for submitted sample | Show sources |
Source: | Avira URL Cloud: |
Multi AV Scanner detection for dropped file | Show sources |
Source: | Metadefender: | Perma Link | ||
Source: | ReversingLabs: | |||
Source: | Metadefender: | Perma Link | ||
Source: | ReversingLabs: |
Multi AV Scanner detection for submitted file | Show sources |
Source: | Virustotal: | Perma Link |
Source: | File opened: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | HTTP traffic detected: |