guloader | gugu_sc[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

gugu_sc.exe
Size

145KB
MD5

4b227ab74d528a24f54f8123700c0e35
SHA1

32a8cbae91d3c1452e0076cafd1d6befdf92b9c1
SHA256

ff3c97250c67bf02a06e31d0da8a16f762d0eef173efe230677f7633741b3d0b
SHA512

2a1be39af2730921550824fee5f4df6d763cf6bbf9e5d97c33eec558a0a361f0e8f79d69e29f358afc46d77d7fcdacf1a9537fa1ff4f4c1a320fcf85b75749eb
SSDEEP

3072:cC/0jyqm1PdXkDpfd+xS8vRZIda0XUgm/wdSTBm9t:xX1mD/x2LIda7V/wQ89

Score

10^/10

guloader

Malware Config

Signatures

Guloader family
guloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
gugu_sc.exe

Files

gugu_sc.exe
.exe windows:5 windows x86

b547b1487151c8557bcbc6c24574ec6b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
VirtualAlloc

Sections

.text
Size: 512B - Virtual size: 66B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 143KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE