guloader | 41acb889fd1bfbddb933ef94716e48e2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

41acb889fd1bfbddb933ef94716e48e2_JaffaCakes118
Size

64KB
MD5

41acb889fd1bfbddb933ef94716e48e2
SHA1

c8ab142e5e6e06a98eee843626df599febf78024
SHA256

96b2cce52b1c346c590ca0e7ebbb44b64c6c90ed35264b036f863cf9ab5fb82b
SHA512

a72652c8ce35bde533ded9e77fb043830fcd28e199ec090b28a0f1bece6f4a13fed2e030345d1f0fc622853fdd1f14b588aa8ba1cf638e3d0a0a29a4dd4b766c
SSDEEP

768:N6D8lzy+G8lpIfVOqboZxCsjsKqCj4yaZtMXFWvoP/YG:K8waODClsKvNaZtMVxHB

Score

10^/10

guloader

Malware Config

Extracted

Family

guloader

C2

http://biendaoco.com/wp-content/plugins/revslider/admin/000333.bin

xor.base64

Signatures

Guloader family
guloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41acb889fd1bfbddb933ef94716e48e2_JaffaCakes118

Files

41acb889fd1bfbddb933ef94716e48e2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7d80fd35ea9ecbbc1d7efa87157d7b29

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
ord588
__vbaStrVarMove
ord696
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
__vbaLateMemSt
__vbaObjSet
_adj_fdiv_m16i
ord702
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
ord529
__vbaObjVar
_adj_fpatan
ord675
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
ord710
__vbaExceptHandler
ord711
_adj_fprem
_adj_fdivr_m64
__vbaFPException
ord537
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaI4Str
__vbaFreeStrList
__vbaDerefAry1
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaInStrB
__vbaStrComp
__vbaVarDup
__vbaFpI2
__vbaLateMemCallLd
_CIatan
__vbaAryCopy
__vbaStrMove
ord541
_allmul
ord651
ord544
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ