guloader | 9ac0724cd20d2574580f0bf06b8aea75_JaffaCakes118 | Triage

Sharing

General

Target

9ac0724cd20d2574580f0bf06b8aea75_JaffaCakes118
Size

60KB
MD5

9ac0724cd20d2574580f0bf06b8aea75
SHA1

5e2088c4bdae79d584f5478782337701a8467cda
SHA256

aa4b6310c2dbd466a089cd9a7a414a50c3124f70c763fc0d1cb7c922e29c3890
SHA512

1e43b5a267c6bcfbe7493ccdf9b5493126bdbeb6bb049e7c020fa51aa829be08d6ab686aa51a47bb239c0b25c088fa38dea9cd9f2d93d65b9e02155d98d62da4
SSDEEP

768:/HV30jqxr5ScACZXpzsXUKY5l02d1zButV2:/13eqxlFAatOwR7

Score

10^/10

guloader

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1Q0Ltq2Kw5sxwS2JWRYNfsyrv58mrj4ks

xor.base64

Signatures

Guloader family
guloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9ac0724cd20d2574580f0bf06b8aea75_JaffaCakes118

Files

9ac0724cd20d2574580f0bf06b8aea75_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4b4efa0e43a114447e1f338e04ff8c2f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
ord513
__vbaFreeObjList
_adj_fprem1
ord628
ord554
__vbaHresultCheckObj
_adj_fdiv_m32
ord667
ord591
__vbaBoolStr
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord707
__vbaFPFix
__vbaFpR8
_CIsin
ord525
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaVarTstEq
__vbaR4Str
__vbaObjVar
ord562
__vbaCastObjVar
ord672
_adj_fpatan
ord675
ord569
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
ord530
__vbaFPException
_CIlog
ord647
__vbaFileOpen
__vbaNew2
__vbaR8Str
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaVarSetObj
__vbaStrCopy
ord575
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaLateMemCall
__vbaVarDup
__vbaVarLateMemCallLd
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ