modiloader | e299aeed10281238184821a29cd11c4d_JaffaCakes118 | Triage

Sharing

General

Target

e299aeed10281238184821a29cd11c4d_JaffaCakes118
Size

962KB
MD5

e299aeed10281238184821a29cd11c4d
SHA1

64feea38c46b8fda1901288fe23dafdf739ae435
SHA256

122f122f73a7fbd675a14e06e37d9b4c4052f729207643b6073677668f273aaa
SHA512

caba5758dde0d4e4459a9543601210798c3287bae8e9d24d06d94b615a6a4380dd24495a9a25dc31dfdd955971a4c37064fd70bb8ac163256337e75581d54be0
SSDEEP

12288:gN+fIrlsR5sdq5LthKtQAADV0DsJ56+p0DZIQlh+0jjjL469k:gCp5sdqJKtCxuaJgZRvjs69

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e299aeed10281238184821a29cd11c4d_JaffaCakes118

Files

e299aeed10281238184821a29cd11c4d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

avc0
Size: 589KB - Virtual size: 589KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

avc1
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

avc2
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

avc3
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

avc4
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

avc5
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

avc6
Size: - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

avc7
Size: 353KB - Virtual size: 353KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE