Keeping an eye on CloudEyE (GuLoader) - Reverse engineering the loader
ID: c3f68d5e-4400-5950-b12d-226d18e55e38
STIX ID: report--c3f68d5e-4400-5950-b12d-226d18e55e38
Feed Name: CERT Polska
This report is a hands-on reverse-engineering walkthrough of the CloudEyE/GuLoader downloader, a Visual Basic 6 loader (it runs on the MSVBVM60 runtime). It shows how to use IDA Pro to locate the loader's real entry point, convert the embedded data bytes into executable code, strip the XOR-encrypted wrapper around it, identify the APIs the loader resolves (MSVBVM60 runtime calls and VirtualAlloc), and extract the decrypted payload. A sample file hash and a small Python script for dumping the unpacked core are included.
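The last two steps above, removing an XOR wrapper and carving the decrypted payload out of a dump, are the part most worth automating. The script below is an added example, not the CERT Polska script from the report: it assumes a single-byte repeating XOR wrapper and a PE payload (the real loader's scheme is whatever the report documents), finds candidates by known plaintext (`MZ`), validates them by walking the DOS header to `PE\0\0`, and sizes the payload from the section table so the carve stops where the file does. All names and the sample blob are constructed here for illustration.

```python
"""Added example: recover a single-byte-XOR-wrapped PE from a raw memory dump.
Not the report's script; the wrapper format (1-byte repeating XOR) is an
assumption chosen for illustration."""
import struct


def xor_bytes(data: bytes, key: int) -> bytes:
    """Apply a single-byte XOR key to every byte."""
    return bytes(b ^ key for b in data)


def carve_pe(buf: bytes):
    """If buf starts with a plausible PE image, return its on-disk size
    (max PointerToRawData + SizeOfRawData over all sections), else None."""
    if len(buf) < 0x40 or buf[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", buf, 0x3C)[0]
    # COFF header is 24 bytes incl. the 4-byte signature.
    if e_lfanew + 24 > len(buf) or buf[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    nsec = struct.unpack_from("<H", buf, e_lfanew + 6)[0]        # NumberOfSections
    opt_size = struct.unpack_from("<H", buf, e_lfanew + 20)[0]   # SizeOfOptionalHeader
    sec_off = e_lfanew + 24 + opt_size
    end = sec_off + nsec * 40                                    # header-only image at minimum
    for i in range(nsec):
        off = sec_off + i * 40
        if off + 40 > len(buf):
            return None
        raw_size, raw_ptr = struct.unpack_from("<II", buf, off + 16)
        end = max(end, raw_ptr + raw_size)
    return end if end <= len(buf) else None


def find_xor_pe(blob: bytes):
    """Scan blob for a single-byte-XOR-encoded PE. Known plaintext: the
    first two bytes must decode to 'MZ'. Returns (offset, key, payload)
    or None. Key 0 (plain, unencrypted PE) is found as well."""
    for i in range(len(blob) - 1):
        key = blob[i] ^ 0x4D                     # whatever maps this byte to 'M'
        if blob[i + 1] ^ key != 0x5A:            # ...must map the next one to 'Z'
            continue
        decoded = xor_bytes(blob[i:], key)
        size = carve_pe(decoded)                 # header walk rejects false hits
        if size:
            return i, key, decoded[:size]
    return None


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 (DOS stub, COFF header, zeroed optional
    header, one .text section of 16 NOPs). Test data only, not a real binary."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)      # e_lfanew
    opt = bytes(0xE0)                            # PE32 optional header size
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), 0x102)
    body_off = 0x40 + 24 + len(opt) + 40
    sec = b".text\0\0\0" + struct.pack(
        "<IIIIIIHHI", 0x10, 0x1000, 0x10, body_off, 0, 0, 0, 0, 0x60000020)
    return bytes(dos) + coff + opt + sec + b"\x90" * 0x10


def build_sample_dump(key: int = 0x5C) -> bytes:
    """Constructed dump: 32 bytes of junk, the XOR-wrapped PE, trailing slack."""
    return bytes(range(0x20)) + xor_bytes(build_sample_pe(), key) + b"\xAA" * 8


if __name__ == "__main__":
    hit = find_xor_pe(build_sample_dump())
    if hit:
        off, key, payload = hit
        print(f"PE at offset {off:#x}, key {key:#04x}, {len(payload)} bytes")
        with open("unpacked_core.bin", "wb") as fh:
            fh.write(payload)
```

If the wrapper turns out to use a multi-byte key, the same known-plaintext idea still applies: derive each key byte from the DOS header bytes you know (`MZ`, the `e_lfanew` field, the "This program cannot be run" stub) and let `carve_pe` act as the oracle that rejects wrong guesses.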
