modiloader | 26eeb6e7c89d45c066307de3d8d5ccb7_JaffaCakes118 | Triage

Sharing

General

Target

26eeb6e7c89d45c066307de3d8d5ccb7_JaffaCakes118
Size

1.2MB
MD5

26eeb6e7c89d45c066307de3d8d5ccb7
SHA1

1d95087fefaacc828aac005f87e53f3f7e0a5171
SHA256

57d44ccc7d88330019d60fb72f8be93c1ae1893a79437a18f724ef62c7a5cebd
SHA512

441f0bab37fb242073177d43a86e6d438e1b30387fd038e67849066af77f22becf3ba29c55a27f12b3957effa7dc20402c0816c0be35a4e5a4cb0f1796c40b3c
SSDEEP

24576:sS2Vp6RwT/HLJvHYifLNgbNpU8fBos6x2stEtWT+4f9uDdqA2bxIdJeS:up6STDdZ/8fSTx2RtWT+41ScA2eJeS

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26eeb6e7c89d45c066307de3d8d5ccb7_JaffaCakes118

Files

26eeb6e7c89d45c066307de3d8d5ccb7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Documents and Settings\Saraya\Desktop\my Projects\Binder\BinderStub\Binder Stub\Binder Stub\obj\Release\Binder Stub.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 175B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ