e9fbf5c7fdfc2da4b2d7ed895930f632_JaffaCakes118 | Triage

Sharing

Reason

config extraction: GuloaderBin: guloader: invalid shellcode

General

Target

e9fbf5c7fdfc2da4b2d7ed895930f632_JaffaCakes118
Size

60KB
MD5

e9fbf5c7fdfc2da4b2d7ed895930f632
SHA1

d5eacc3b926dfffa77d4a5c557d5285e9e44d6e9
SHA256

ab973da4f0e9666e56b3a028e860d613624593c4d3d9c59f0b2afb845ffbf4e6
SHA512

8ee354661cba6a7aa63c643fbebdf1c94a3b4b9c50ff4d3e1213a5058d3587e3b3f7a7e9ae8567bf85d4e16fc223ccf5e82684d96690c9837cb3c0f614ae9169
SSDEEP

768:G60DIn+HAPmxcBZiryYdNQiFgcST3IKV0n1CcgS:EI+HAPOcTiddNQGSzIw0nM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
e9fbf5c7fdfc2da4b2d7ed895930f632_JaffaCakes118

Files

e9fbf5c7fdfc2da4b2d7ed895930f632_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7a7c8461405da8aceac3c75694b4a55a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaHresultCheckObj
_adj_fdiv_m32
ord559
__vbaExitProc
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
ord520
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
ord528
__vbaR4Str
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaVarErrI4
ord608
__vbaFPException
_CIlog
ord539
__vbaFileOpen
__vbaNew2
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
ord680
__vbaI4Str
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaVarDup
__vbaStrComp
__vbaFpI4
_CIatan
__vbaStrMove
_allmul
ord544
ord652
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ