40f82ce361a215334908649e8e8593f1_JaffaCakes118

Reason

config extraction: GuloaderBin: guloader: invalid shellcode

General

Target

40f82ce361a215334908649e8e8593f1_JaffaCakes118
Size

376KB
MD5

40f82ce361a215334908649e8e8593f1
SHA1

cd16817ed8f9fa4a4fb57c29516078e385e0795a
SHA256

d8b1dd15a7867c2d74b655bbc55c96b8ad689d93c423fab1c9e8c4fb8a5e6c55
SHA512

2e17ccdcb9489c9a04db3f960e5adbef946cd79a44d97a01e5488ed8bb69ac9757b76e6292e4472f008d0064bd91a0b6dd78ef49af75d38efadcc3254474a586
SSDEEP

6144:9NjcznADtqhGmV5pikVXUTSOpmczaTrecbZ1rfFZh5vRA:9NILSWGmvkTrq5Xfv3m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40f82ce361a215334908649e8e8593f1_JaffaCakes118

Files

40f82ce361a215334908649e8e8593f1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a55c887e1536a8604ce1210e6d67c776

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CallWindowProcW

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaAryMove
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaRaiseEvent
ord516
_adj_fprem1
__vbaCopyBytes
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
ord665
_adj_fdiv_m32
__vbaAryDestruct
__vbaExitProc
__vbaVarForInit
__vbaStrLike
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaVarIndexLoad
_CIsin
__vbaErase
ord631
__vbaVarZero
__vbaChkstk
EVENT_SINK_AddRef
ord527
__vbaGenerateBoundsError
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaFixstrConstruct
__vbaRedim
__vbaUI1ErrVar
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaStr2Vec
__vbaUI1I4
__vbaExceptHandler
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
__vbaFPException
__vbaUbound
__vbaLsetFixstrFree
ord644
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaInStr
__vbaVar2Vec
__vbaR8Str
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
__vbaDerefAry1
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaAryLock
__vbaVarAdd
ord616
__vbaVarCopy
__vbaFpI4
_CIatan
__vbaStrMove
__vbaAryCopy
__vbaR8IntI4
__vbaStrVarCopy
_allmul
__vbaLenVarB
_CItan
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaMidStmtBstr
__vbaI4ErrVar
__vbaFreeStr

Sections

.text
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 292KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

Errors

General

Malware Config

Signatures

Files

a55c887e1536a8604ce1210e6d67c776

Headers

File Characteristics

Imports

user32

msvbvm60

Sections

.text Size: 76KB - Virtual size: 73KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 292KB - Virtual size: 288KB

.text
Size: 76KB - Virtual size: 73KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 292KB - Virtual size: 288KB