modiloader | 02006a4eee9f3db806b28d2e3d0ceb54_JaffaCakes118 | Triage

Sharing

General

Target

02006a4eee9f3db806b28d2e3d0ceb54_JaffaCakes118
Size

476KB
MD5

02006a4eee9f3db806b28d2e3d0ceb54
SHA1

030a2f8163eb205b0c80fc8415d99b7a67410e4b
SHA256

c21fe6f266eedd4b3e099f9cf63d72fa156fd432341b2c4751ffa8cdde002654
SHA512

a5494fb9400df50647f108bcf7440cfded739cdc4bc178305a1c79d27ed5eb596f9a1b5775e8e6ce2155546bbd839ddd8e7cdf091b868e62caddaf15660a2d7d
SSDEEP

12288:iW0Tgvm6uDUwgmGQDZLzj2+QbXl8RfU1ayoUbZC:v6gvm9QTQ02Exb

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

Processes:

resource yara_rule

sample modiloader_stage2
Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
02006a4eee9f3db806b28d2e3d0ceb54_JaffaCakes118

Files

02006a4eee9f3db806b28d2e3d0ceb54_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

ServiceMain

Sections

CODE
Size: 419KB - Virtual size: 418KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 6KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 73B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ