Summary
GuLoader is a malware loader whose job is to fetch and run other malware while staying out of sight of security tooling. It relies on evasion techniques, including polymorphic code and encrypted payloads, to hide its presence, and it poses a significant risk to organizations and individuals alike.
Highlights
- GuLoader changes its code structure between samples (polymorphism), so signature-based antivirus and intrusion detection systems struggle to match it.
- In the campaign summarized here, it is distributed as malicious SVG files attached to emails.
- SVG is a widely used, XML-based vector image format; because it supports interactivity and animation, an SVG document can carry embedded script, which is what the lure abuses.
- Opening the SVG (on most Windows systems, in a browser) triggers the download of a ZIP archive containing a Windows Script File (.wsf).
- When the user runs the WSF, it connects to an attacker-controlled domain and executes the content hosted there.
- That content includes shellcode that is injected into MSBuild.exe, a legitimate, signed Microsoft build tool, so the next stage runs inside a trusted process.
- Once running, GuLoader downloads and deploys additional malware payloads; the loader itself is only the delivery mechanism.
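The chain above starts with an SVG that carries script. The following is an added example, written for this summary and not taken from it, from GuLoader, or from any vendor's tooling: a static triage check for such "SVG smuggling" lures. It pulls out every place an SVG can hold JavaScript, looks for the browser idioms used to assemble a file and force a download, and decodes any long base64 literal to see what file type it carries. The indicator names, the verdict threshold and the two sample SVGs are assumptions constructed for the example; the lure's payload is inert (a ZIP magic header followed by zero bytes), and the magic-byte table covers only a few common types.

```python
# Added example (not from the original summary, not GuLoader or vendor code):
# static triage of an SVG attachment for "SVG smuggling" indicators, i.e. an
# embedded script that assembles a file in the browser and forces a download.
import base64
import binascii
import re
import xml.etree.ElementTree as ET

SVG_NS = "{http://www.w3.org/2000/svg}"

# Browser idioms for building and dropping a file from script. Assumed
# indicator set for the example; a real rule set would be broader.
SMUGGLING_PATTERNS = {
    "base64_decode": re.compile(r"\batob\s*\("),
    "blob_object": re.compile(r"\bnew\s+Blob\s*\("),
    "object_url": re.compile(r"\bcreateObjectURL\s*\("),
    "forced_download": re.compile(r"\.download\s*=|\bmsSaveOrOpenBlob\s*\("),
    "archive_name": re.compile(r"\.zip\b", re.IGNORECASE),
}

# Magic bytes for the file types worth recognising in a carved payload.
MAGIC = {b"PK\x03\x04": "zip", b"MZ": "pe", b"%PDF": "pdf"}


def extract_scripts(svg_text: str) -> list:
    """Collect every <script> body and every on* event-handler attribute,
    the two places an SVG document can carry JavaScript."""
    root = ET.fromstring(svg_text)
    scripts = []
    for el in root.iter():
        if el.tag in (SVG_NS + "script", "script") and el.text:
            scripts.append(el.text)
        for name, value in el.attrib.items():
            if name.lower().startswith("on"):
                scripts.append(value)
    return scripts


def carve_payloads(script_text: str) -> list:
    """Decode long base64 literals found in script and label them by magic.
    Returns a list of type labels ('zip', 'pe', 'pdf' or 'unknown')."""
    types = []
    for blob in re.findall(r"[A-Za-z0-9+/]{200,}={0,2}", script_text):
        try:
            raw = base64.b64decode(blob)
        except (binascii.Error, ValueError):
            continue
        label = next((t for magic, t in MAGIC.items() if raw.startswith(magic)), "unknown")
        types.append(label)
    return types


def scan_svg(svg_text: str) -> dict:
    """Triage one SVG. Scripting alone is legitimate (SVG is interactive by
    design), so 'suspicious' requires a script plus at least two dropper
    idioms, or a carved payload of a recognised file type."""
    scripts = extract_scripts(svg_text)
    joined = "\n".join(scripts)
    hits = sorted(name for name, rx in SMUGGLING_PATTERNS.items() if rx.search(joined))
    carved = carve_payloads(joined)
    suspicious = bool(scripts) and (len(hits) >= 2 or any(t != "unknown" for t in carved))
    return {
        "has_script": bool(scripts),
        "indicators": hits,
        "carved_types": carved,
        "verdict": "suspicious" if suspicious else "benign",
    }


# --- constructed samples (not real campaign files) --------------------------

# Ordinary interactive SVG: an event handler, but nothing is assembled or dropped.
BENIGN_SVG = """<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100">
  <circle cx="50" cy="50" r="40" onclick="this.setAttribute('r', 20)"/>
</svg>"""

# Inert stand-in for a smuggled archive: a ZIP magic header followed by zeros.
_PAYLOAD = base64.b64encode(b"PK\x03\x04" + b"\x00" * 200).decode()

# Lure shaped like the chain described above: the script decodes the blob and
# forces the browser to save it as a ZIP when the image is opened.
LURE_SVG = f"""<svg xmlns="http://www.w3.org/2000/svg" width="1" height="1">
  <script type="text/javascript"><![CDATA[
    var data = "{_PAYLOAD}";
    var bytes = Uint8Array.from(atob(data), function (c) {{ return c.charCodeAt(0); }});
    var blob = new Blob([bytes], {{type: "application/octet-stream"}});
    var a = document.createElement("a");
    a.href = URL.createObjectURL(blob);
    a.download = "invoice.zip";
    a.click();
  ]]></script>
</svg>"""


if __name__ == "__main__":
    for name, doc in (("benign", BENIGN_SVG), ("lure", LURE_SVG)):
        print(name, scan_svg(doc))
```

The benign sample is flagged as scripted but not suspicious, which is the point of the threshold: SVG is interactive by design, so a mail gateway that quarantines every SVG with an event handler will drown in false positives, whereas decode-plus-Blob-plus-forced-download in one script is a dropper pattern and the carved ZIP magic confirms what it carries. This check only covers the lure stage; the WSF and MSBuild stages of the chain are better caught with process telemetry (a script host or PowerShell spawning MSBuild.exe with no project file) than with file inspection.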