1f5e60b472cfca480a6e3606f9ee23d3_JaffaCakes118

Reason

config extraction: GuloaderBin: guloader: invalid shellcode

General

Target

1f5e60b472cfca480a6e3606f9ee23d3_JaffaCakes118
Size

476KB
MD5

1f5e60b472cfca480a6e3606f9ee23d3
SHA1

0880dbee10f94bc876408f9af7ea72dc208164de
SHA256

6defc42c8005e054399e1b39a81fb595fb2aed17d6e3f82f4de73f9bb23e9e4f
SHA512

6f5ff9e6c4a35c96e1c0ac2f4757ea4cdd2d8647e09dbe434120065e4df92dc83f4e5f717c69cfcd65fc5c007ccfc2ba613e9b4bd4cf7ece6ef7386aafaec883
SSDEEP

6144:rmBKuNtRCydpi15I30bJw0Pv3PA31FSonhfwbS:rpuNtQMi3I30Vw0PvPA3GonSW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1f5e60b472cfca480a6e3606f9ee23d3_JaffaCakes118

Files

1f5e60b472cfca480a6e3606f9ee23d3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

280414390fc62009a517b5d691c6d362

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
__vbaVarSub
ord690
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaFreeVar
ord587
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
ord697
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaRecDestruct
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaAryDestruct
ord593
ord594
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
ord631
__vbaChkstk
EVENT_SINK_AddRef
__vbaAryConstruct2
__vbaObjVar
DllFunctionCall
__vbaVarLateMemSt
_adj_fpatan
__vbaLateIdCallLd
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
ord606
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
ord535
__vbaI2Var
_CIlog
__vbaFileOpen
__vbaNew2
__vbaVarInt
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord573
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
ord610
__vbaVarAdd
__vbaLateMemCall
__vbaVarDup
__vbaStrToAnsi
__vbaVarLateMemCallLd
ord616
_CIatan
ord540
__vbaStrMove
__vbaUI1Str
_allmul
ord544
_CItan
ord546
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 448KB - Virtual size: 444KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

Errors

General

Malware Config

Signatures

Files

280414390fc62009a517b5d691c6d362

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 448KB - Virtual size: 444KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 20KB - Virtual size: 19KB

.text
Size: 448KB - Virtual size: 444KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 20KB - Virtual size: 19KB