guloader | gugu_sc[.]bin | Triage

Sharing

General

Target

gugu_sc.bin
Size

145KB
MD5

0a22a2c627ad285d2a2a6929d587a532
SHA1

b7a1607b8da85b8015a8ef5ca034ff276c5ab19f
SHA256

e12942cc7e34ea60d5cf902df8ca3d39a9cf062a9c8d83b06aa0ca45a6aa6626
SHA512

7f5e28e2442967972040cb6207e39c8b545f0b5273f2c98ec31b699400dead9e279bcc1b7644ca65fb3cb58eba03a344ab670ab37dab704154d0dcdb65c6e03f
SSDEEP

3072:bC/0jyqm1PdXkDpfd+xS8vRZIda0XUgm/wdSTBm9t:WX1mD/x2LIda7V/wQ89

Score

10^/10

guloader

Malware Config

Signatures

Guloader family
guloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
gugu_sc.bin

Files

gugu_sc.bin
.exe windows:5 windows x86

b547b1487151c8557bcbc6c24574ec6b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
VirtualAlloc

Sections

.text
Size: 512B - Virtual size: 66B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 143KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE