guloader | 447e219cbcf80fe536012830c93fe9bb_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

447e219cbcf80fe536012830c93fe9bb_JaffaCakes118
Size

56KB
MD5

447e219cbcf80fe536012830c93fe9bb
SHA1

ac18fc15619593a1b04f4ee7f3fbb29e6d111739
SHA256

e5d04269b3068a1ee1a5567726af0d79a6307ec7e4ffaa47c4492a3ae6181a16
SHA512

8c39cae867d01389bce9ddad542f951fa0e2bd8f5439c3ab0a80c0296b97b3f4a659198fcfc3220182aa31dd413c530e1e676b574c42e04919ebed88454260a2
SSDEEP

768:TQx0SU/c14V5/LIwSikmLLJxvdOlsz51SQ1q:UUwILI5iLLLUez5Q

Score

10^/10

guloader

Malware Config

Extracted

Family

guloader

https://viva-fred.cf/vvd2.bin

xor.base64

Signatures

Guloader family
guloader
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

447e219cbcf80fe536012830c93fe9bb_JaffaCakes118

resource
447e219cbcf80fe536012830c93fe9bb_JaffaCakes118

Files

447e219cbcf80fe536012830c93fe9bb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d2d10c3c1be1fd582becbb90a8e4ffbf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaFreeVar
ord695
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
ord516
_adj_fprem1
__vbaStrCat
__vbaHresultCheckObj
ord662
ord557
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
__vbaLateMemSt
ord592
ord594
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaCyStr
ord705
_CIsin
ord709
ord631
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaVarTstEq
__vbaObjVar
_adj_fpatan
ord677
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaFpCmpCy
__vbaExceptHandler
ord711
ord713
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaDateVar
ord536
ord537
ord538
_CIlog
__vbaNew2
__vbaR8Str
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
ord680
__vbaI4Str
__vbaFreeStrList
__vbaDerefAry1
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaI4Var
ord689
ord610
__vbaVarAdd
__vbaInStrB
ord614
ord616
__vbaLateMemCallLd
_CIatan
__vbaStrMove
__vbaUI1Str
__vbaAryCopy
_allmul
ord544
ord652
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

d2d10c3c1be1fd582becbb90a8e4ffbf

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 44KB - Virtual size: 41KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 44KB - Virtual size: 41KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB