modiloader | 28d9ac503bb0083f62034897b4e1b664_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

28d9ac503bb0083f62034897b4e1b664_JaffaCakes118
Size

281KB
MD5

28d9ac503bb0083f62034897b4e1b664
SHA1

b3dbce49c3cbae7443db95d0e9b988a40756f6fa
SHA256

b1cb74edbd17e1a8de519328dba32ebf6215308853bb7e6eabc5c8398ac93502
SHA512

5e062154b1deab38acb831c3735c05612da1878a4976fc7d7d8653bccb2ab47b33c6fa832429f1f84c6ad464e9d7d387095a6efe8510ef830a0e70d8bc0baa67
SSDEEP

6144:R5iCvs2MS7mirkXetsf5G1tNTBj9Dqif5L:+CE2MS7mi2B0tNTPp

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28d9ac503bb0083f62034897b4e1b664_JaffaCakes118

Files

28d9ac503bb0083f62034897b4e1b664_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 10KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ