guloader | 9f046aa9e46726891c302fd2db9a3190_JaffaCakes118 | Triage

Sharing

General

Target

9f046aa9e46726891c302fd2db9a3190_JaffaCakes118
Size

60KB
MD5

9f046aa9e46726891c302fd2db9a3190
SHA1

b760b61ed7262d10664deb923944e6a4276df77d
SHA256

adb7d7dc2e9f52d63b90bc7bd871a0c13c07ee8ce730d624f398b7acbc57054a
SHA512

baf1a4a8b79a0289bb5cfee134e90ad7ee917b19be8be66ed333652442185ea8924969819b1b2be3dde166359d8a06ecaa6150fa4ac663853b28d62ee5a92d80
SSDEEP

384:A3K7pE7vPFJUOIg9J+ZE+IBU7c7G1Mrn1qYNMgbnJF7hXKHeBNgw9KsWjDlNpje/:Ii67PFJagDQVxYnLtF90Gfmnpj+

Score

10^/10

guloader

Malware Config

Extracted

Family

guloader

C2

http://wewewewewesesesesasbacwederffggffddsss.duckdns.org/jks/bbn.bin

Signatures

Guloader family
guloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9f046aa9e46726891c302fd2db9a3190_JaffaCakes118

Files

9f046aa9e46726891c302fd2db9a3190_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5df652ff6cd5afdfe1b3841e42216a08

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
ord513
__vbaFreeObjList
_adj_fprem1
ord628
ord554
__vbaHresultCheckObj
_adj_fdiv_m32
ord667
ord591
__vbaBoolStr
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord707
__vbaFPFix
__vbaFpR8
_CIsin
ord525
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaVarTstEq
__vbaR4Str
__vbaObjVar
ord562
__vbaCastObjVar
_adj_fpatan
ord675
ord569
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
ord530
__vbaFPException
__vbaStrVarVal
_CIlog
ord647
__vbaFileOpen
__vbaNew2
__vbaR8Str
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaVarSetObj
__vbaStrCopy
ord575
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaLateMemCall
__vbaVarDup
ord612
__vbaVarLateMemCallLd
_CIatan
__vbaStrMove
ord541
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ