guloader | ad43f3fc71f6a60d723fc0c337194407_JaffaCakes118

General

Target

ad43f3fc71f6a60d723fc0c337194407_JaffaCakes118
Size

76KB
MD5

ad43f3fc71f6a60d723fc0c337194407
SHA1

c1968ad38b4abcbdf5495e02196f50049d0ab5c7
SHA256

e90df5915bb87cf1cceb6d493b3e64887f9f503ad49d625d32b7ab7df75e233e
SHA512

122b1e1d65ae181c16cd48eaac9d9f4e25a224733f3af51a4b74690e74d7f9381d5ddf242b85be62ab6e0a7d00e776d258ddda23435e75303358e2b8a3e0f811
SSDEEP

768:Ipz/6LTUmch8yNNldHvGSmJPmdakdHxmtebxmHSSw2TS2qWNG8H4e:lTUnLLH5dO24

Score

10^/10

guloader

Malware Config

Extracted

Family

guloader

C2

https://dfsdfbdz.ml/newman2.bin

xor.base64

Signatures

Guloader family
guloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad43f3fc71f6a60d723fc0c337194407_JaffaCakes118

Files

ad43f3fc71f6a60d723fc0c337194407_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5a2694d2a45cdd03219826cf9351cd2b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord582
ord690
_CIcos
_adj_fptan
__vbaHresultCheck
ord692
__vbaVarMove
__vbaFreeVar
ord588
__vbaStrVarMove
ord696
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
ord698
__vbaFreeObjList
ord516
ord517
_adj_fprem1
ord628
__vbaStrCat
ord552
ord660
ord554
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenBstrB
ord663
ord664
_adj_fdiv_m32
__vbaAryDestruct
ord591
ord669
ord592
__vbaBoolStr
ord593
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
ord598
ord520
ord706
_CIsin
ord525
__vbaChkstk
EVENT_SINK_AddRef
ord528
__vbaGenerateBoundsError
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
ord560
__vbaObjVar
DllFunctionCall
ord670
ord564
ord671
ord672
_adj_fpatan
ord674
ord568
ord675
ord677
ord678
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
ord535
ord536
ord537
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaVarSetObj
__vbaI4Str
ord574
__vbaFreeStrList
ord682
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
ord689
ord610
__vbaLateMemCall
__vbaVarDup
ord612
_CIatan
__vbaStrMove
_allmul
ord652
_CItan
__vbaFPInt
ord547
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

5a2694d2a45cdd03219826cf9351cd2b

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 56KB - Virtual size: 54KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 12KB - Virtual size: 9KB

.text
Size: 56KB - Virtual size: 54KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 12KB - Virtual size: 9KB