guloader | 0b63fa4f141229a6450a7ad8b5709d8d_JaffaCakes118

General

Target

0b63fa4f141229a6450a7ad8b5709d8d_JaffaCakes118
Size

63KB
MD5

0b63fa4f141229a6450a7ad8b5709d8d
SHA1

6e042486716a1e5029e7c84733e070d008e34bb6
SHA256

51aec932db01fc08aec8d681c44129d3850bb8a60dfe4632a28eda582123325c
SHA512

534c59de24e8ffbf4e92452d99036f34c51c385dba7b2af2ff9024db7cbaeed7ef16f27d2b9e35f504ffbea13cde60ea0495a5815ec75496496c3fc3bddbedd6
SSDEEP

768:adFkM89gcWFuMXC8kA4myqxjYAEM3en4ZxbvYG2ZgXhkowBld2GeDC+PrBdH2+g8:gkMFcOuMk1yiunZQYkVe1FdH2JNy

Score

10^/10

guloader

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1fnZYdfwUJYzHFLrXgG7wIq6WxcijjIHV

xor.base64

Signatures

Guloader family
guloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SOA.exe

Files

0b63fa4f141229a6450a7ad8b5709d8d_JaffaCakes118
.zip
SOA.exe
.exe windows:4 windows x86 arch:x86

0f7cc043c597a232f7a22c4ce6f7b60a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
ord696
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
ord628
__vbaStrCat
ord554
__vbaHresultCheckObj
ord662
ord664
_adj_fdiv_m32
__vbaAryDestruct
__vbaLateMemSt
ord595
__vbaObjSet
ord596
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaFpR8
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
__vbaObjVar
__vbaCastObjVar
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord606
_adj_fprem
_adj_fdivr_m64
ord716
__vbaFPException
__vbaStrVarVal
_CIlog
ord539
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
ord684
_adj_fdiv_r
ord100
__vbaVarTstNe
ord610
__vbaLateMemCall
__vbaVarAdd
__vbaVarDup
__vbaFpI4
__vbaVarLateMemCallLd
__vbaLateMemCallLd
_CIatan
__vbaStrMove
_allmul
ord544
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

0f7cc043c597a232f7a22c4ce6f7b60a

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 100KB - Virtual size: 97KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 80KB - Virtual size: 79KB

.text
Size: 100KB - Virtual size: 97KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 80KB - Virtual size: 79KB