guloader | JaffaCakes118_d3d34995baf8192ff7102e374284a5fb9050f9c576a11a16870fe222b386c8fa | Triage

Sharing

General

Target

JaffaCakes118_d3d34995baf8192ff7102e374284a5fb9050f9c576a11a16870fe222b386c8fa
Size

860KB
MD5

3337c44b6dd2652226e4bc095d3db9d0
SHA1

bdf96b51a43781547448f7a393de50ff5ee10cdd
SHA256

d3d34995baf8192ff7102e374284a5fb9050f9c576a11a16870fe222b386c8fa
SHA512

440316b3b02ca12e10d5ce7794d7816311c3d06e6ce3771e9e2a9d40ddcb9a6546a362fbf78999431ca6a643ea3f2ca17d8456d014774f978de811a06fcf4bb7
SSDEEP

6144:CT4D2o9O2NFs9YzjaTuNujdFwGVQvcTpt:CTK9XFs9WwdFwS7TP

Score

10^/10

guloader

Malware Config

Signatures

Guloader family
guloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_d3d34995baf8192ff7102e374284a5fb9050f9c576a11a16870fe222b386c8fa

Files

JaffaCakes118_d3d34995baf8192ff7102e374284a5fb9050f9c576a11a16870fe222b386c8fa
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 236KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 406KB - Virtual size: 405KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ