guloader | mkpub_invoice_3009[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

mkpub_invoice_3009.bin
Size

145KB
MD5

b9e6878b1f499a370cb247db1024c52e
SHA1

a3e2848a27a27450819d2bda46da34fdd3d50974
SHA256

3dc961c71638a1e094a91dd52466778b1750703f30fafce6ff686ae2b045872a
SHA512

eb1682b3549717be9435aed56d1fa993e9e44f0fc9a8d0383c86d33172d9d248897984b8356454e22ccacac240609e4a388d933d3b7cd623913c0ea0f44d3a81
SSDEEP

3072:XC/0jyqm1PdXkDpfd+xS8vRZIda0XUgm/wdSTBm9t:yX1mD/x2LIda7V/wQ89

Score

10^/10

guloader

Malware Config

Signatures

Guloader family
guloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
mkpub_invoice_3009.bin

Files

mkpub_invoice_3009.bin
.exe windows:5 windows x86

Password: infected

b547b1487151c8557bcbc6c24574ec6b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
VirtualAlloc

Sections

.text
Size: 512B - Virtual size: 66B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 143KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE