modiloader | 009630426f2274a881a496e9a7846859_JaffaCakes118 | Triage

Sharing

General

Target

009630426f2274a881a496e9a7846859_JaffaCakes118
Size

89KB
MD5

009630426f2274a881a496e9a7846859
SHA1

34b121ba6cad5a3de7c77892acc1ae1035cd7a4b
SHA256

2195abfd0cb42d42d198cc1aeb4ba6404c6a954a0d1c5efbdcc0b5c75a314b5e
SHA512

c07e5338f0668321486414067c25157b22d4e384336bd676d3793714c89a12fd3902e34ed2bcdee578d721f91e66a851234402ca61219bb8bf1e9f0ee27aed62
SSDEEP

1536:c9qSQ4pmwgvv/iNIeB8tUOLd1AH75YKpO/Y6kJji+GcxmsE70j:MTmDvTeB4USd1AH75YKA8QefE70j

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

Processes:

resource yara_rule

sample modiloader_stage2
Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
009630426f2274a881a496e9a7846859_JaffaCakes118

Files

009630426f2274a881a496e9a7846859_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JmpHookOff
JmpHookOn

Sections

CODE
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 202B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ