modiloader | 249701560c62eb9b32ad0b3091987c27_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

249701560c62eb9b32ad0b3091987c27_JaffaCakes118
Size

246KB
MD5

249701560c62eb9b32ad0b3091987c27
SHA1

11be1e5754db25925cd50bd0929d482787ddd79b
SHA256

17491898ca9dd8ba531692d30a5bbf4088c008a120c5dd077e0ea9f8dd02990e
SHA512

2b2253f1ed4e115b2cc1cff25ac276570ad06b16b835368a850b501aadd37ad820f878e8f85a6fbc9b267f84c1f59170fd743c73dfdf0a66207425aa6a34ba41
SSDEEP

6144:KmgHeXIoHU8kFXWTTJuwxGo3cgpPZb9dGh9:1gH20dhq7oR

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
249701560c62eb9b32ad0b3091987c27_JaffaCakes118

Files

249701560c62eb9b32ad0b3091987c27_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 237KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ