modiloader | 359e47d72ff256d37140bf5e87881d82_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

359e47d72ff256d37140bf5e87881d82_JaffaCakes118
Size

14KB
MD5

359e47d72ff256d37140bf5e87881d82
SHA1

50fe9ff1ba78e7cff06b69a6bf488ac574edc02f
SHA256

7892c3b0b10ac32c594022f3dca90685367ab9996b0b3ec883715b7c68169021
SHA512

3dd2048c98c1b23d071d6fdbc0dedc339b3aa7285e128b0a53820f1af0e7c5b2b571de886573ff8a7c397eac6d05ca8ea3c27a8ad1393ab0168c5b5382f407a7
SSDEEP

384:ah+ydlyEvf7bh7qQa8cjBy2aXRYznHRyZmv8:axbhOx8eKo8

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
359e47d72ff256d37140bf5e87881d82_JaffaCakes118

Files

359e47d72ff256d37140bf5e87881d82_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 305B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 770B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ