guloader | JaffaCakes118_91aaec2d1612ac14490f1268f1eb255ad8ec8707908990863ce24f1f534c2f9e | Triage

Sharing

General

Target

JaffaCakes118_91aaec2d1612ac14490f1268f1eb255ad8ec8707908990863ce24f1f534c2f9e
Size

860KB
MD5

a6b3296c346ad9393f59d8d4bc1d169e
SHA1

81be26cda19528dbc182de9500c4d786e960fa86
SHA256

91aaec2d1612ac14490f1268f1eb255ad8ec8707908990863ce24f1f534c2f9e
SHA512

138a21723d13ea57cf4d70d764c425c957a372f38f48bda6e7e415ee46291dfd55fb0b9ed829136d02ef7a1a7f3a81c00262d298d9ce37be3d8d8fea13aedee9
SSDEEP

3072:CNRCywDw1DMJvu/emDD8YZvnvsemfpL/v1NpooYYYYYYYYYYJ41YYYYYYYYYYHu:CT4DPg9D5vs9fpjaTuN/6Ff4qScxTpt

Score

10^/10

guloader

Malware Config

Signatures

Guloader family
guloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_91aaec2d1612ac14490f1268f1eb255ad8ec8707908990863ce24f1f534c2f9e

Files

JaffaCakes118_91aaec2d1612ac14490f1268f1eb255ad8ec8707908990863ce24f1f534c2f9e
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 236KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 406KB - Virtual size: 405KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ