27d8da90b04774d8dc488c68a88bcaff | Triage

Sharing

Reason

config extraction: GuloaderBin: guloader: invalid shellcode

General

Target

27d8da90b04774d8dc488c68a88bcaff
Size

1.2MB
MD5

27d8da90b04774d8dc488c68a88bcaff
SHA1

73cd41a214ffd228afa8efad301b4c419ce2a022
SHA256

b962ca4ab70ca86d848ab69b132d0a4c7be9dd2a134af921151e020bca1b32fd
SHA512

5f6bda939b69b2197b67f1a422d62eed5d504ed3598f2aecb3654db6b7507d87ad8fd79c0fc0a4036aab87c94f4e66f9b2fc53112d103021da3b0193c72551de
SSDEEP

24576:7927wgPgg93QOobHOep9gfywCSsC0iaVvoXLOBwESNJkrQomGJ4:79gjAO0T7ST0FVvoXamgzmH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Windows Vista Activation/Activate.exe

Files

27d8da90b04774d8dc488c68a88bcaff
.rar
Windows Vista Activation/Activate.exe
.exe windows:4 windows x86 arch:x86

3bee22c951c10b1acf8c6f372dc60c5d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaFreeVar
__vbaAryMove
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
ord598
__vbaFpR8
_CIsin
ord632
__vbaChkstk
__vbaAryConstruct2
__vbaI2I4
DllFunctionCall
__vbaFpUI1
_adj_fpatan
__vbaUI1I2
_CIsqrt
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaInStrVar
ord717
__vbaUbound
ord535
ord644
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaVar2Vec
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord573
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaAryLock
__vbaStrToAnsi
__vbaFpI2
__vbaFpI4
ord617
_CIatan
__vbaStrMove
__vbaAryCopy
ord619
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeStr

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Vista Activation/www.9down.com.url