guloader | gugugugug[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

gugugugug.bin
Size

198KB
MD5

9fed8056a8143b4e466c51c4f387deb8
SHA1

9427cabf5dc9e41cf8f6bf9fd6711cab40610d44
SHA256

7fbdcfc41f0c35738dc338732df68db6c9890f48b1281bf2f013cc892b5da202
SHA512

af5d6d0adf495951d3ef4f365ae84ca0be27530bb7368171407f162534b3ddd9855778c297ccc17e8572755dcc5b3b704261fbe94aa2743582d0d264abb92bd3
SSDEEP

3072:Mex1vTDfYa+yD/nbYbsePxOPUgaoIZ3U/kwpgdzAmBIW4vLyrXqdSigrax/jZQmD:MkTjYI/nEQePY2tdLxmdSigux/9H

Score

10^/10

guloader

Malware Config

Signatures

Guloader family
guloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
gugugugug.bin

Files

gugugugug.bin
.exe windows x86

b547b1487151c8557bcbc6c24574ec6b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
VirtualAlloc

Sections

.text
Size: 512B - Virtual size: 66B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 196KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE