modiloader | 38cf40faca842fe7d8c283fd473086d2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

38cf40faca842fe7d8c283fd473086d2_JaffaCakes118
Size

33KB
MD5

38cf40faca842fe7d8c283fd473086d2
SHA1

cdd510e1e0dffba6f4599b1b086199c737c813d4
SHA256

fbb50f80bcfb63a97ad9205ba2e3dd36f9459eff9a4a08ff22e1f644c321f763
SHA512

199781c7428e2d414eaf6c32194c9589a7205d82521879a7535e6837f091bb7e29c7f27d00e41b6079f5718e49e1656d74ca88d3096fa8672bc44753ed6c5073
SSDEEP

768:Coi4qZOLQNwdXcBq5OpBlaKr91EPFfE3ZEdAICYa9qY9QuV:Cv4qZyQNwdcUOpBlaO1ofsZkAICYa+uV

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38cf40faca842fe7d8c283fd473086d2_JaffaCakes118

Files

38cf40faca842fe7d8c283fd473086d2_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ