Behavioral task
behavioral1
Sample
38a07405813e1e3b5326cafb185803c9_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
38a07405813e1e3b5326cafb185803c9_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
38a07405813e1e3b5326cafb185803c9_JaffaCakes118
-
Size
144KB
-
MD5
38a07405813e1e3b5326cafb185803c9
-
SHA1
38c3d39cbc9de4e5d0426a8655fc0b452e0dccad
-
SHA256
3166e6861df43e522bb42a0a79726ac88e0033bf7550e053c9ad241a40723fd7
-
SHA512
5a338c2138c9bdd0d465ee3550acd3ea9f9a1f492d53841f5a6d5d8619d84124f540bb3db661bccd1cadaec46ac79434b629548649b4f5231b881c5b435b4dcd
-
SSDEEP
1536:NpqWQMnFRj1FixSW6c3deZQzZjVE9gEedGfeorA2fBFrrMmYg:1JFzkxSW3NeZCEuyfDrA2f3cmYg
Malware Config
Signatures
-
ModiLoader Second Stage 1 IoCs
resource yara_rule sample modiloader_stage2 -
Modiloader family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 38a07405813e1e3b5326cafb185803c9_JaffaCakes118
Files
-
38a07405813e1e3b5326cafb185803c9_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
Size: 72KB - Virtual size: 72KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 52KB - Virtual size: 52KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE