Loading... Additional Content is being loaded
Windows Analysis Report 20211129.exe
Overview
General Information
| Sample Name: | 20211129.exe |
| Analysis ID: | 532897 |
| MD5: | 672587fb175264ef8b45a2b0857f273f |
| SHA1: | ab7c2f5edf572d5b28d7da50f548d73d49f92b71 |
| SHA256: | c00b66ef61df2012b269bca3e60b301478641292948f1cac579096603ad67f98 |
| Infos: | |
|
Most interesting Screenshot:  |
|
Detection
GuLoader
| Score: | 96 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Found malware configuration
Potential malicious icon found
Multi AV Scanner detection for submitted file
Yara detected GuLoader
Hides threads from debuggers
Sigma detected: Suspicious Svchost Process
Writes to foreign memory regions
Tries to detect Any.run
C2 URLs / IPs found in malware configuration
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses 32bit PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Tries to load missing DLLs
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Checks if the current process is being debugged
Sample execution stops while process was sleeping (likely an evasion)
PE / OLE file has an invalid certificate
JA3 SSL client fingerprint seen in connection with other malware
Creates a process in suspended mode (likely to inject code)
Classification
AV Detection: |
  |
|---|
| Found malware configuration |
| Source: |
Malware Configuration Extractor: |
||
| Multi AV Scanner detection for submitted file |
| Source: |
Virustotal: |
Perma Link | ||
| Source: |
Metadefender: |
Perma Link | ||
| Source: |
ReversingLabs: |
|||
Compliance: |
|
|---|
| Uses 32bit PE files |
| Source: |
Static PE information: |
||
| Source: |
HTTPS traffic detected: |
||
| Source: |
HTTPS traffic detected: |
||
| Source: |
HTTPS traffic detected: |
||
| Source: |
HTTPS traffic detected: |
||
| Source: |
HTTPS traffic detected: |
||
| Source: |
HTTPS traffic detected: |
||
| Source: |
HTTPS traffic detected: |
||
| Source: |
HTTPS traffic detected: |
||
| Source: |
HTTPS traffic detected: |
||
Networking: |
|
|---|
| C2 URLs / IPs found in malware configuration |
| Source: |
URLs: |
||
| JA3 SSL client fingerprint seen in connection with other malware |
| Source: |
JA3 fingerprint: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
Network traffic detected: |
||
| Source: |
UDP traffic detected without corresponding DNS query: |
||
| Source: |
String found in binary or memory: |
||
| Source: |
String found in binary or memory: |
||
| Source: | |||