5f4645990f4a5afb22d033b4f0241c0f_JaffaCakes118

Reason

config extraction: GuloaderBin: guloader: invalid shellcode

General

Target

5f4645990f4a5afb22d033b4f0241c0f_JaffaCakes118
Size

2.3MB
MD5

5f4645990f4a5afb22d033b4f0241c0f
SHA1

80b4ca7e293262d3e01f34bd1966656a88e2aecb
SHA256

d3d15439869b68579e64da5b7bc52421d1c4bd74083ab8d8e14770cc7d79d055
SHA512

db92f00f483115782db401ef5779f860ff17e6873227b05cdeef9608eb0556d123a5b85f58c003a9400d1e9c25290a2d44ea379c0d7400e61c77afafed0abed6
SSDEEP

24576:AQIkC5eL+JS0oHinW9oodiK0iLTNwpcOt4x1eCWlkYcll/iqKzlJn:AQIH5CHinW9oodiK0iwz6xL/iqYlJn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f4645990f4a5afb22d033b4f0241c0f_JaffaCakes118

Files

5f4645990f4a5afb22d033b4f0241c0f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6bbb506e70862ee7e54ec3cd703ffaf6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarSub
__vbaStrI2
__vbaNextEachAry
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
ord588
__vbaLateIdCall
__vbaStrVarMove
__vbaLenBstr
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
ord516
ord517
__vbaStrErrVarCopy
_adj_fprem1
ord519
__vbaResume
__vbaCopyBytes
__vbaStrCat
ord660
__vbaRecDestruct
__vbaSetSystemError
__vbaHresultCheckObj
ord557
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaLateMemSt
EVENT_SINK2_Release
__vbaForEachCollObj
__vbaExitProc
__vbaFileCloseAll
ord301
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
ord599
__vbaFpR4
__vbaForEachCollVar
ord307
__vbaFpR8
_CIsin
ord631
__vbaErase
__vbaNextEachCollObj
__vbaVarZero
ord525
__vbaChkstk
__vbaFileClose
__vbaCyVar
EVENT_SINK_AddRef
ord528
__vbaGenerateBoundsError
ord529
__vbaStrCmp
__vbaPutOwner3
__vbaVarTstEq
__vbaNextEachCollVar
__vbaObjVar
ord561
__vbaI2I4
DllFunctionCall
__vbaVarLateMemSt
__vbaFpUI1
__vbaCastObjVar
__vbaRedimPreserve
__vbaLbound
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
__vbaR4Cy
Zombie_GetTypeInfoCount
__vbaRedim
EVENT_SINK_Release
__vbaNew
ord600
ord601
__vbaUI1I2
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaUI1I4
__vbaExceptHandler
ord711
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord607
__vbaI2Str
ord714
__vbaFPException
__vbaInStrVar
ord319
__vbaGetOwner3
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaCheckType
__vbaI2Var
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord648
ord570
__vbaInStr
__vbaVarLateMemCallLdRf
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
EVENT_SINK2_AddRef
__vbaI4Str
ord681
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord685
ord100
__vbaI4Var
__vbaForEachAry
__vbaLateMemCall
__vbaVarAdd
__vbaAryLock
ord320
__vbaVarDup
__vbaStrToAnsi
ord321
__vbaFpI2
__vbaVarLateMemCallLd
__vbaFpI4
ord616
__vbaLateMemCallLd
_CIatan
__vbaAryCopy
__vbaCastObj
__vbaStrMove
_allmul
__vbaLateIdSt
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

Errors

General

Malware Config

Signatures

Files

6bbb506e70862ee7e54ec3cd703ffaf6

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.data Size: 4KB - Virtual size: 28KB

.rsrc Size: 32KB - Virtual size: 28KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.data
Size: 4KB - Virtual size: 28KB

.rsrc
Size: 32KB - Virtual size: 28KB