modiloader | 0cdd112d7d324db999dfe5430b45c319_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0cdd112d7d324db999dfe5430b45c319_JaffaCakes118
Size

2.6MB
MD5

0cdd112d7d324db999dfe5430b45c319
SHA1

a7b6167195af610cefeafe4ce692df300bd82a20
SHA256

c0d1312e2627d1130c7f4209b15044b1b7f1823b9936ba2c39862b752ebb96e9
SHA512

3f8b9c941608e63e9684b8f2231b33882a760d2a27857f7a294cb12bfc1a446076c1027c6afcac024870acac5e85a014577ee044a33d3cabcbd059b612ed6762
SSDEEP

49152:MOAT8zo1C4mZJmBJ8qA5pN9Mk1DEac//////hmtT5vDQ4Hc//////TLlh8E4:MBTncZJmQqABpEac//////hmHDjHc//2

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0cdd112d7d324db999dfe5430b45c319_JaffaCakes118

Files

0cdd112d7d324db999dfe5430b45c319_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 327KB - Virtual size: 327KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 15KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 351KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ