5e67a4b3794fab152ca627410ee9c798_JaffaCakes118

Reason

config extraction: GuloaderBin: guloader: invalid shellcode

General

Target

5e67a4b3794fab152ca627410ee9c798_JaffaCakes118
Size

764KB
MD5

5e67a4b3794fab152ca627410ee9c798
SHA1

5c82402749af60472fd16bc6516009689855c941
SHA256

ff186dddb163c82828112b0cb6b5c6bc089ea39af70a0106f8e9bab329ea96d0
SHA512

b91cc2137c2701808f97ccc01e3a0792c446c0ba1758f0a6771b81bead97a51db395de47a92b9953da8fb7f46925aa9a6ba002101c7af7f5189b1a9c4fe87e18
SSDEEP

6144:ZSDU/yVxbPWtvkUG4g5gq+Zc9XH5NiYMLpebMYKeEvpC7nEOMf3yMkApUrSFRok:ZSDUCbuNGd5qZGXH5IYbNKpQ4f3DlpY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5e67a4b3794fab152ca627410ee9c798_JaffaCakes118

Files

5e67a4b3794fab152ca627410ee9c798_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fca71f739e492b8a677f891719147c4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
ord586
__vbaFreeVar
ord587
__vbaStrVarMove
__vbaLenBstr
ord696
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
ord698
_adj_fprem1
__vbaStrCat
ord552
ord660
__vbaSetSystemError
ord661
__vbaHresultCheckObj
ord557
ord558
_adj_fdiv_m32
__vbaAryDestruct
__vbaLateMemSt
ord591
__vbaBoolStr
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
ord702
_adj_fdivr_m16i
ord703
ord704
ord707
ord522
__vbaFpR8
ord523
_CIsin
ord631
ord524
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
ord527
__vbaGenerateBoundsError
__vbaGet3
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
__vbaCyI4
__vbaR4Str
ord560
__vbaObjVar
DllFunctionCall
ord563
_adj_fpatan
ord674
ord676
__vbaLateIdCallLd
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
ord607
ord608
ord609
__vbaFPException
__vbaI2Var
ord537
_CIlog
__vbaErrorOverflow
ord539
__vbaFileOpen
ord647
__vbaNew2
__vbaInStr
ord648
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord573
__vbaI4Str
ord682
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaI4Var
ord689
ord610
ord611
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
ord615
ord616
__vbaLateMemCallLd
_CIatan
__vbaStrMove
ord618
__vbaI4Cy
ord541
ord542
_allmul
ord651
_CItan
ord546
_CIexp
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 752KB - Virtual size: 751KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

Errors

General

Malware Config

Signatures

Files

7fca71f739e492b8a677f891719147c4

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 752KB - Virtual size: 751KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 752KB - Virtual size: 751KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 3KB