b1fd880cb2bcb0734a3e017c382f09bc_JaffaCakes118

Reason

config extraction: GuloaderBin: guloader: invalid shellcode

General

Target

b1fd880cb2bcb0734a3e017c382f09bc_JaffaCakes118
Size

508KB
MD5

b1fd880cb2bcb0734a3e017c382f09bc
SHA1

a7202070aefbf198101a6cb235c21dff725d36d7
SHA256

59850c8eafe10398e5425a2aaa60193d16d9fe533d6655d862fef8b8ffa22b8f
SHA512

07421eb46ca7c5dc35d53415f74daa3148b779d4cc6e01b126ed8f75c636316a20904fbba1a809c5adcd24ae8776a5c69e61d66a4593e136f318ce976ae61d7b
SSDEEP

12288:jHnI2kg8zY6QJHIM3lHrGK2AFI4h6wxfD70:rnIVzYIM39rGDatfH0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b1fd880cb2bcb0734a3e017c382f09bc_JaffaCakes118

Files

b1fd880cb2bcb0734a3e017c382f09bc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

366ec7896d2a1347133902a2944ee558

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
ord660
__vbaLsetFixstr
__vbaSetSystemError
ord661
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord521
_CIsin
ord525
ord632
__vbaChkstk
ord526
EVENT_SINK_AddRef
__vbaStrCmp
__vbaVarTstEq
__vbaPrintObj
DllFunctionCall
_adj_fpatan
__vbaLateIdCallLd
ord678
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
__vbaVarCat
ord645
_CIlog
__vbaErrorOverflow
__vbaNew2
ord570
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord681
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaI4Var
ord610
__vbaLateMemCall
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
__vbaFpI4
ord616
_CIatan
__vbaStrMove
ord540
ord618
__vbaR8IntI4
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 480KB - Virtual size: 477KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

Errors

General

Malware Config

Signatures

Files

366ec7896d2a1347133902a2944ee558

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 480KB - Virtual size: 477KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 20KB - Virtual size: 19KB

.text
Size: 480KB - Virtual size: 477KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 20KB - Virtual size: 19KB