a236375e3c748bbc3a58b507fb1a4caf_JaffaCakes118

Reason

config extraction: GuloaderBin: guloader: invalid shellcode

General

Target

a236375e3c748bbc3a58b507fb1a4caf_JaffaCakes118
Size

260KB
MD5

a236375e3c748bbc3a58b507fb1a4caf
SHA1

b29469d8cc4228dd3e6a6c7e13f08fa4c168ba90
SHA256

614f99692f6026b8488bcdff11a16db677a4f14c1def38ecaeacf37d90e306a3
SHA512

a7f74a9ee9b0fd6887d2d45f793a625fa04e674b4db53ddf0515320edaf5912555f1ebc13d538b1426f74534e94ef3bf2d40acce438f6452860a88b5bb187c0c
SSDEEP

3072:qSto3BqOyg1bvgR631TFgo0VsfrDV5045/6bn/bFow7nEbxQX5Fd7F3b1RS33f88:ggUaOrDlCjOw7EUrd7F3be3ErTxZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a236375e3c748bbc3a58b507fb1a4caf_JaffaCakes118

Files

a236375e3c748bbc3a58b507fb1a4caf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

85a83a1c4c59e58f23a6a67428ffc4aa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaVarTstGt
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaVarXor
__vbaAryDestruct
__vbaVarForInit
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaBoolVarNull
_CIsin
__vbaErase
__vbaVarCmpGt
__vbaVarZero
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaAryConstruct2
DllFunctionCall
__vbaLbound
_adj_fpatan
__vbaRedim
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaUbound
__vbaStrVarVal
__vbaI2Var
ord537
_CIlog
__vbaErrorOverflow
__vbaVar2Vec
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
__vbaDerefAry1
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaVarAdd
__vbaAryLock
__vbaVarDup
__vbaVarCopy
_CIatan
__vbaUI1Str
__vbaStrMove
_allmul
_CItan
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaI4ErrVar
__vbaFreeStr

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

Errors

General

Malware Config

Signatures

Files

85a83a1c4c59e58f23a6a67428ffc4aa

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 72KB - Virtual size: 71KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 180KB - Virtual size: 177KB

.text
Size: 72KB - Virtual size: 71KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 180KB - Virtual size: 177KB