modiloader | 157424a698b97ca158d2334c9280d985_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

157424a698b97ca158d2334c9280d985_JaffaCakes118
Size

707KB
MD5

157424a698b97ca158d2334c9280d985
SHA1

f4ce23e316f66d14031bfbd71efc365d6bf96358
SHA256

b8841119bb4b60816cd08f966ebda3275e42b3af6337b13153f22dd8ef6a14d6
SHA512

ed64b40b547ca55c672f46ee06a7c364b2939a30aa3b35002e6c2a3a58669ad77a45c2fc0988757eca4e519a5c4f7995d630d5552324c366212782c0830613a0
SSDEEP

12288:eqBT5cyqc+BPpihCLCo4PavYQTwUfhk0YPOI:eqBTalLjvwUfhkDPOI

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
157424a698b97ca158d2334c9280d985_JaffaCakes118

Files

157424a698b97ca158d2334c9280d985_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CoDe
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

dAtA
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.iDaTa
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.TLS
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RDaTa
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ReLoC
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.RsRc
Size: 693KB - Virtual size: 693KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ