modiloader | 2cf21a5dbaa020c6b5965409abb2813d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2cf21a5dbaa020c6b5965409abb2813d_JaffaCakes118
Size

704KB
MD5

2cf21a5dbaa020c6b5965409abb2813d
SHA1

c2f8a9ae773c181145a972b0eea3bbf777707e7f
SHA256

19ac476e22856f247e522374da7fd11f4441e1f8ecd92f2595fd31fadfcdfdbf
SHA512

d818e71044e76eec2250a237909c2038abd969a5dea5bca20e8ffcd114d55ce61bf43929dba0861c0c1532bb4ffa248af53fa8a947016784cd60757c3e36f5d5
SSDEEP

12288:OBQVsKm3V1uzyYVK5gP0Nug+UkLbUhTvpN03uvQl8t9FPT1ebfK4a:CWsBV1uzhK5K0j+FbUhTvPuTejh

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2cf21a5dbaa020c6b5965409abb2813d_JaffaCakes118

Files

2cf21a5dbaa020c6b5965409abb2813d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 612KB - Virtual size: 611KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 7KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ