guloader | 0dc3f44425c7a381db6a34c368c1d5d2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0dc3f44425c7a381db6a34c368c1d5d2_JaffaCakes118
Size

80KB
MD5

0dc3f44425c7a381db6a34c368c1d5d2
SHA1

310aa32d2baf22cd89287affba3a4f0455baa8c4
SHA256

428d9344732516e73243f5a2da5506b134e841d762b1f7b897f584d72d523078
SHA512

e5a51a2e973a7019524058a7b24bbe354096f5ec8135b1a3c83aefa50f4cb1716926cabe95c588b21c0a878de9a2c12f96b6f028d754f102459b39acda8e59fa
SSDEEP

1536:NNOv9NWFNVeCnisK/1xfTVlp8x/YXDvi5MyUbL5YmxQEhq:revWwkisK/1xfT/p8JYXDvi5If5YWQEQ

Score

10^/10

guloader

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1eCNeUqBN1AagFTofixYSovTbymQ4Rkgf

xor.base64

Signatures

Guloader family
guloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0dc3f44425c7a381db6a34c368c1d5d2_JaffaCakes118

Files

0dc3f44425c7a381db6a34c368c1d5d2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

96888280bc077340192cf12741a75308

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaHresultCheckObj
ord557
ord664
_adj_fdiv_m32
__vbaLateMemSt
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaFpR8
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaVarTstEq
__vbaObjVar
_adj_fpatan
ord677
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
ord716
__vbaFPException
__vbaStrVarVal
ord538
_CIlog
__vbaNew2
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaVarSetObj
__vbaFreeStrList
ord575
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaStrComp
__vbaFpI4
__vbaLateMemCallLd
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ