modiloader | 2569482d005632dafbae24a793650c69_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2569482d005632dafbae24a793650c69_JaffaCakes118
Size

1.0MB
MD5

2569482d005632dafbae24a793650c69
SHA1

49377d104e183c72e6c7c138dff83b3d7af2419c
SHA256

b6095eaa07da8c6d276d2b5306f730273d63ba7e46149d5be7a561c01e893dfa
SHA512

ace8ecb30384a6702dac188fe6f26d6dcbb9b01eca2fbae33695af710ffa9204824715bbd3ca0c61c3b96c669b9877e136bf5741bfe72c0f66c22d2ba91fc89f
SSDEEP

24576:+t/g2Unid1PETUb6lvXfGr8evGF9MbRpMLb:k/VbPETU4vvKG3MlU

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2569482d005632dafbae24a793650c69_JaffaCakes118

Files

2569482d005632dafbae24a793650c69_JaffaCakes118
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.itext
Size: 1KB - Virtual size: 888KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.entry
Size: - Virtual size: 975.0MB

.tss
Size: - Virtual size: 444KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rbss
Size: 930KB - Virtual size: 932KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE