guloader | JaffaCakes118_61b0c23817191551450282f600447e54a47297c2685eec81598a3daf63b16155 | Triage

Sharing

General

Target

JaffaCakes118_61b0c23817191551450282f600447e54a47297c2685eec81598a3daf63b16155
Size

68KB
MD5

0162ff949c8c278e62c3eb57fd510d42
SHA1

dd8a4d3bd394bd1f5492640a8a26722110d58e03
SHA256

61b0c23817191551450282f600447e54a47297c2685eec81598a3daf63b16155
SHA512

f1bbecc6a7e4c4b38a76826d202aeae590c94fde92391b120f52ff7584be13e4b0230aa62f3efdcf3bcb7279dfe949bc319506a9f7af8df1a24dab5bb18a868d
SSDEEP

768:jwXBOpfK7ckw8TfuXZcYqomMjk5Nw7HqeuMmPAPkGB02WQq0/o4JCChP:jwsK7ck/zuXZAMCiq1Mm4nBPWQjo4Jd

Score

10^/10

guloader

Malware Config

Extracted

Family

guloader

C2

https://onedrive.live.com/download?cid=1B6E6032CE5E4651&resid=1B6E6032CE5E4651%212074&authkey=AOvT7-22YNVt_qw

xor.base64

Signatures

Guloader family
guloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_61b0c23817191551450282f600447e54a47297c2685eec81598a3daf63b16155

Files

JaffaCakes118_61b0c23817191551450282f600447e54a47297c2685eec81598a3daf63b16155
.exe windows:4 windows x86 arch:x86

a7169ee99f8c63316b5ba8410ba46033

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaHresultCheckObj
ord557
_adj_fdiv_m32
ord591
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
ord706
_CIsin
__vbaChkstk
ord633
EVENT_SINK_AddRef
__vbaStrCmp
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord712
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
__vbaVarDup
ord617
_CIatan
__vbaStrMove
_allmul
ord544
_CItan
ord546
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ