modiloader | 3069fda9823023a7357894de8f997c59_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3069fda9823023a7357894de8f997c59_JaffaCakes118
Size

822KB
MD5

3069fda9823023a7357894de8f997c59
SHA1

8941961b9c690eee83bcdb264061ed44a3d36f7d
SHA256

98a270aaa2b0d057bed4de3c42d588ce0c5f42e7178088d276411b66d1ca7a1b
SHA512

400f1829015d3920e8385c9a2b2c583261a6244abd67da640b9516750225af106f7e6ffbf5159dfd3ed39a01597926d7f9c663fe3a14958bed324692cff066fd
SSDEEP

12288:p6sV2w8bf3zRAAGfrh1gZftfWFYcg0OSjxPere9nqXpUm93sP08B:pF2FDmLo1mYceS7nIJ3ssU

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader First Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage1

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3069fda9823023a7357894de8f997c59_JaffaCakes118

Files

3069fda9823023a7357894de8f997c59_JaffaCakes118
.exe windows:1 windows x86 arch:x86

c9d2c7b974346f8f59fd95afd58349e1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

ExitProcess
VirtualProtect
GetProcAddress
LoadLibraryA
VirtualAlloc
GetCurrentThreadId
GetCommandLineA
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
WriteFile
InitializeCriticalSectionAndSpinCount
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CloseHandle
FlushFileBuffers

user32

MessageBoxA

Sections

CODE
Size: 607KB - Virtual size: 607KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

LL_CODE
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c9d2c7b974346f8f59fd95afd58349e1

Headers

File Characteristics

Imports

kernel32

user32

Sections

CODE Size: 607KB - Virtual size: 607KB

DATA Size: 7KB - Virtual size: 7KB

BSS Size: - Virtual size: 3KB

.idata Size: 9KB - Virtual size: 9KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 36KB - Virtual size: 35KB

.rsrc Size: 62KB - Virtual size: 62KB

LL_CODE Size: 97KB - Virtual size: 97KB

CODE
Size: 607KB - Virtual size: 607KB

DATA
Size: 7KB - Virtual size: 7KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 9KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 36KB - Virtual size: 35KB

.rsrc
Size: 62KB - Virtual size: 62KB

LL_CODE
Size: 97KB - Virtual size: 97KB