modiloader | 37b6f0fde8c4cbaccf8d7a853a6ff902_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

37b6f0fde8c4cbaccf8d7a853a6ff902_JaffaCakes118
Size

48KB
MD5

37b6f0fde8c4cbaccf8d7a853a6ff902
SHA1

032c7c543875c1de2e9e9bc18901f5a5993b4bf6
SHA256

9889598601be0ee1d2a4ebd54d63abcc892a7ba32d1b8f15e60f75eb04385311
SHA512

61d91b597cb243035f2730713ed78e6e04ab1a018a1346975cfaa964f16acb3eaa5e90d3c55a20b9f16484a22a41431809d8458be4e4a18d8b491a09e70533f5
SSDEEP

768:3fJ8NRPLw7hKT76QY7SWust96kH25wsfuaxK04UzQ992Zjrqtxmg/7ztKZ:3fwRP6tskH2SS6P2sDma7xK

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37b6f0fde8c4cbaccf8d7a853a6ff902_JaffaCakes118

Files

37b6f0fde8c4cbaccf8d7a853a6ff902_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ