modiloader | 317f9b9ea6731269f1841dc310c590d8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

317f9b9ea6731269f1841dc310c590d8_JaffaCakes118
Size

311KB
MD5

317f9b9ea6731269f1841dc310c590d8
SHA1

e0bfe1b769ba79e78c3b7ce64a8dd642a0db662d
SHA256

515de60067098818b1b252329a8abf9b01e23b301ebcceef014916bddf0cc9a8
SHA512

fe871337d335e6aa839137da932189ce4d83f12245cb9b428ad1dafb684b364f4f11fff6dc063d79a31a7af8bd5e79e07967420d0cb6e1bc49ecc78951302c98
SSDEEP

6144:Dse1WQrogEhJWHKiUvvUkek36jVsVGPtozTBxE:wlQrUWHKDvZ6jOgozT

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
317f9b9ea6731269f1841dc310c590d8_JaffaCakes118

Files

317f9b9ea6731269f1841dc310c590d8_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

test
test1
test2

Sections

CODE
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 6KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 102B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ