modiloader | 0574897933407db7fb67cf6296f558c3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0574897933407db7fb67cf6296f558c3_JaffaCakes118
Size

313KB
MD5

0574897933407db7fb67cf6296f558c3
SHA1

9f9b2e2bee80158ffe54edb7cb610dddc8adce7f
SHA256

f64fc32d0a7ac2fd20e9cd8ca36a45cb1fa0621d614196e2e42f234044b3633b
SHA512

59c67a063f013c10264e61ade036a968df7726b668d4765c4f933c0f72217d0438efee638997ca6c05d9b53d957d18f220e63271852b3730dd25a4ebf67ea770
SSDEEP

6144:S0e+SepundIfex3B0wvUkuySee0g4oa2z3QIm1IrnTfv:Sm6dIAewvNrIgYv

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0574897933407db7fb67cf6296f558c3_JaffaCakes118

Files

0574897933407db7fb67cf6296f558c3_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

ServiceMain

Sections

CODE
Size: 257KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 6KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 70B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ