modiloader | 42086eca89f3a415136472059f9396d0_JaffaCakes118 | Triage

Sharing

General

Target

42086eca89f3a415136472059f9396d0_JaffaCakes118
Size

388KB
MD5

42086eca89f3a415136472059f9396d0
SHA1

de99a12d632f0b958d2d988c5286a81b4038b716
SHA256

751ff4ca2985c7b45f7a0da3b76b87ae95f7586ae9bb650a59762ed428365c30
SHA512

73589349d9f548e6bbae7ff2c81b2b3733958bb27cf4c98a1ca07f8119a1b11cd7cb00b823529a598976172b3e9eff7bd6eb12b305f531850fe456c18c630533
SSDEEP

6144:92uqT3MQ1b8kYlZn5EvRkBDq5CUh5Xp+aR9Mg1CmrW61m66QYK+JvlB:xqT3n1b8kieuB2C0v+ajZW616jZB

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

Processes:

resource yara_rule

sample modiloader_stage2
Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
42086eca89f3a415136472059f9396d0_JaffaCakes118

Files

42086eca89f3a415136472059f9396d0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 327KB - Virtual size: 326KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ