ServiceMain
Behavioral task
behavioral1
Sample
02006a4eee9f3db806b28d2e3d0ceb54_JaffaCakes118.dll
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
02006a4eee9f3db806b28d2e3d0ceb54_JaffaCakes118.dll
Resource
win10v2004-20240508-en
General
-
Target
02006a4eee9f3db806b28d2e3d0ceb54_JaffaCakes118
-
Size
476KB
-
MD5
02006a4eee9f3db806b28d2e3d0ceb54
-
SHA1
030a2f8163eb205b0c80fc8415d99b7a67410e4b
-
SHA256
c21fe6f266eedd4b3e099f9cf63d72fa156fd432341b2c4751ffa8cdde002654
-
SHA512
a5494fb9400df50647f108bcf7440cfded739cdc4bc178305a1c79d27ed5eb596f9a1b5775e8e6ce2155546bbd839ddd8e7cdf091b868e62caddaf15660a2d7d
-
SSDEEP
12288:iW0Tgvm6uDUwgmGQDZLzj2+QbXl8RfU1ayoUbZC:v6gvm9QTQ02Exb
Malware Config
Signatures
-
ModiLoader Second Stage 1 IoCs
Processes:
resource yara_rule sample modiloader_stage2 -
Modiloader family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 02006a4eee9f3db806b28d2e3d0ceb54_JaffaCakes118
Files
-
02006a4eee9f3db806b28d2e3d0ceb54_JaffaCakes118.dll windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI
Exports
Exports
Sections
CODE Size: 419KB - Virtual size: 418KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 6KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 73B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ