ab78b2b021567f0bbbdd8c67358c7e9c_JaffaCakes118

Reason

config extraction: GuloaderBin: guloader: invalid shellcode

General

Target

ab78b2b021567f0bbbdd8c67358c7e9c_JaffaCakes118
Size

3.9MB
MD5

ab78b2b021567f0bbbdd8c67358c7e9c
SHA1

5ab377ed6b2735be6c78638852363fc1968e5b50
SHA256

cf9e6a32ad82f4ad565e2d7e73d3607cb6abb55330c18c6c28c231d036631128
SHA512

71fdd16db80f9109a00e5470df852e904e5b0cd033d2bb1b03c64794d8dd5b810a290a843865674acff0d0ec8bcdbb4aae841415a5dc84c5165d8d25362c0750
SSDEEP

98304:+Z/IGkY5Ih37KYnJLVOfQkYsePmbVtFJLadgcgF4M0e:+ZwY+h7XJL8fQkuKFJctq4M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab78b2b021567f0bbbdd8c67358c7e9c_JaffaCakes118

Files

ab78b2b021567f0bbbdd8c67358c7e9c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

23ed52d567f3f743a06bccdf99bcc1e1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlMoveMemory

msvbvm60

__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
ord516
_adj_fprem1
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaExitProc
__vbaStrLike
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaVarIndexLoad
__vbaBoolVarNull
_CIsin
ord631
__vbaErase
__vbaVarZero
__vbaChkstk
EVENT_SINK_AddRef
ord527
__vbaGenerateBoundsError
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
__vbaRedimPreserve
_adj_fpatan
__vbaFixstrConstruct
__vbaRedim
__vbaUI1ErrVar
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaStr2Vec
__vbaExceptHandler
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
ord608
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaLsetFixstrFree
ord644
_CIlog
__vbaErrorOverflow
__vbaInStr
__vbaR8Str
__vbaNew2
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
__vbaDerefAry1
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
__vbaAryLock
__vbaFpI2
ord616
__vbaVarCopy
__vbaFpI4
_CIatan
ord618
__vbaAryCopy
__vbaStrMove
__vbaStrVarCopy
_allmul
__vbaLenVarB
_CItan
__vbaAryUnlock
_CIexp
__vbaMidStmtBstr
__vbaFreeObj
__vbaI4ErrVar
__vbaFreeStr
ord581

Sections

.text
Size: 284KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

Errors

General

Malware Config

Signatures

Files

23ed52d567f3f743a06bccdf99bcc1e1

Headers

File Characteristics

Imports

ntdll

msvbvm60

Sections

.text Size: 284KB - Virtual size: 281KB

.data Size: 4KB - Virtual size: 35KB

.rsrc Size: 3.6MB - Virtual size: 3.6MB

.text
Size: 284KB - Virtual size: 281KB

.data
Size: 4KB - Virtual size: 35KB

.rsrc
Size: 3.6MB - Virtual size: 3.6MB