7d1650bf0c9514f10f3ec3277cd5656a0b061fe6f55aab9745faa3c2855ff2b5

Reason

config extraction: GuloaderBin: guloader: invalid shellcode

General

Target

7d1650bf0c9514f10f3ec3277cd5656a0b061fe6f55aab9745faa3c2855ff2b5
Size

256KB
MD5

d820a2f74cdad5091eb5cdd7676c5a2d
SHA1

d62d55a8e4c294ed3708ca94a48af81383ba39b4
SHA256

7d1650bf0c9514f10f3ec3277cd5656a0b061fe6f55aab9745faa3c2855ff2b5
SHA512

e3476bbf251087c6a6228dd0cf43d97da5e4ff2875459ac72b14a09c8a99065c69990f05b8e8183bed3af5b7bda58550f08f6b8ad64e971300242d0cc5a77fd4
SSDEEP

6144:lRHI6Ia+05WU1R/qk40om9HlcNavNMWPb:lRHIM+Fm0

Score

N/A

Malware Config

Signatures

Files

7d1650bf0c9514f10f3ec3277cd5656a0b061fe6f55aab9745faa3c2855ff2b5
.exe windows x86

5ed5411c56d4a88d1cfcec08493006a3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaAryMove
__vbaStrVarMove
__vbaLenBstr
__vbaPut3
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaNextEachVar
__vbaFreeObjList
ord517
_adj_fprem1
ord626
ord519
__vbaForEachCollAd
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
ord667
__vbaAryDestruct
ord593
__vbaFileCloseAll
ord594
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
__vbaRefVarAry
_CIsin
__vbaErase
ord525
__vbaVarZero
__vbaChkstk
__vbaFileClose
ord526
ord527
__vbaGenerateBoundsError
__vbaGet3
__vbaCyI2
__vbaStrCmp
__vbaVarTstEq
__vbaAryConstruct2
ord561
__vbaObjVar
__vbaI2I4
DllFunctionCall
_adj_fpatan
__vbaFixstrConstruct
__vbaRedim
ord601
__vbaUI1I2
_CIsqrt
__vbaStr2Vec
__vbaUI1I4
__vbaExceptHandler
ord711
ord712
__vbaStrToUnicode
ord606
ord713
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
__vbaInStrVar
ord717
__vbaStrVarVal
__vbaUbound
__vbaVarCat
ord644
ord537
ord645
__vbaExitEachVar
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
__vbaInStr
__vbaVar2Vec
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
ord681
__vbaI4Str
__vbaFreeStrList
__vbaDerefAry1
_adj_fdivr_m32
_adj_fdiv_r
ord578
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
__vbaAryLock
__vbaVarDup
__vbaStrToAnsi
__vbaFpI4
__vbaVarCopy
ord616
__vbaLateMemCallLd
_CIatan
ord618
__vbaAryCopy
__vbaStrMove
__vbaForEachVar
_allmul
_CItan
__vbaNextEachCollAd
__vbaFPInt
__vbaUI1Var
__vbaAryUnlock
_CIexp
__vbaI4ErrVar
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

uneykto
Size: 4KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

Errors

General

Malware Config

Signatures

Files

5ed5411c56d4a88d1cfcec08493006a3

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 92KB - Virtual size: 92KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 152KB - Virtual size: 152KB

uneykto Size: 4KB - Virtual size: 32KB

.text
Size: 92KB - Virtual size: 92KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 152KB - Virtual size: 152KB

uneykto
Size: 4KB - Virtual size: 32KB