guloader | 23bbcf4afa025004fe089a67cf444068_JaffaCakes118 | Triage

Sharing

General

Target

23bbcf4afa025004fe089a67cf444068_JaffaCakes118
Size

68KB
MD5

23bbcf4afa025004fe089a67cf444068
SHA1

52f5b7911b81e7642a3ca57a82da9985b8651b96
SHA256

3c33e6937e13636c74f6af17483efa0ce5985fa4cf24fa3b67aab656bd3d14a8
SHA512

29a88f3181f65ee13fa2a6ec87a16558df9449f9f95c51d078c9b09416e389db30e19588aad0e69642ad3071a25b16f4da56a246a1a6b1a47e0eb222904481b8
SSDEEP

1536:zrTK7c6PAk8EJPPPPXMCiq1MU5BPWQjo4iktl:zSPjJPPPPXUNM1WN4P

Score

10^/10

guloader

Malware Config

Extracted

Family

guloader

C2

https://onedrive.live.com/download?cid=6BE8F132430D55A2&resid=6BE8F132430D55A2%21128&authkey=AB-gr2sRaVtcAns

xor.base64

Signatures

Guloader family
guloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
23bbcf4afa025004fe089a67cf444068_JaffaCakes118

Files

23bbcf4afa025004fe089a67cf444068_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9e956a07477d06701208b12bda9240f6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
ord661
__vbaHresultCheckObj
ord557
_adj_fdiv_m32
ord591
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
ord706
_CIsin
__vbaChkstk
ord633
EVENT_SINK_AddRef
__vbaStrCmp
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord712
_adj_fprem
_adj_fdivr_m64
ord609
__vbaFPException
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaVarDup
ord617
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ