modiloader | 38a07405813e1e3b5326cafb185803c9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

38a07405813e1e3b5326cafb185803c9_JaffaCakes118
Size

144KB
MD5

38a07405813e1e3b5326cafb185803c9
SHA1

38c3d39cbc9de4e5d0426a8655fc0b452e0dccad
SHA256

3166e6861df43e522bb42a0a79726ac88e0033bf7550e053c9ad241a40723fd7
SHA512

5a338c2138c9bdd0d465ee3550acd3ea9f9a1f492d53841f5a6d5d8619d84124f540bb3db661bccd1cadaec46ac79434b629548649b4f5231b881c5b435b4dcd
SSDEEP

1536:NpqWQMnFRj1FixSW6c3deZQzZjVE9gEedGfeorA2fBFrrMmYg:1JFzkxSW3NeZCEuyfDrA2f3cmYg

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38a07405813e1e3b5326cafb185803c9_JaffaCakes118

Files

38a07405813e1e3b5326cafb185803c9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE