guloader | JaffaCakes118_475e624dc59a603a5e6c4dbfa4a0f9fc7fd694e684f0d0a360fb29759827ce77 | Triage

Sharing

General

Target

JaffaCakes118_475e624dc59a603a5e6c4dbfa4a0f9fc7fd694e684f0d0a360fb29759827ce77
Size

860KB
MD5

4a4cf70a584cf9656b0f603179df5845
SHA1

3a2e9a2505afd2d8949b9267fe1b1b289eaaac7b
SHA256

475e624dc59a603a5e6c4dbfa4a0f9fc7fd694e684f0d0a360fb29759827ce77
SHA512

05f56de56cc57cfa7a090b9fb62492c0705e1b4260ca1fe389f4096287a904e01d566b1198198bbaacb9877566e13c2ff524160b385b4e21dfafcf3d945bf8fb
SSDEEP

3072:CNRCywDw1D7JXugemzQ8EYxNDNvKvsembXL/v1NpooYYYYYYYYYYJ41YYYYYYYYc:CT4DoD9zjas9bXjaTuNcoNt9Tpt

Score

10^/10

guloader

Malware Config

Signatures

Guloader family
guloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_475e624dc59a603a5e6c4dbfa4a0f9fc7fd694e684f0d0a360fb29759827ce77

Files

JaffaCakes118_475e624dc59a603a5e6c4dbfa4a0f9fc7fd694e684f0d0a360fb29759827ce77
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 236KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 406KB - Virtual size: 405KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ