modiloader | 3a225337b8471fc19fc1f8a312eca443_JaffaCakes118 | Triage

Sharing

General

Target

3a225337b8471fc19fc1f8a312eca443_JaffaCakes118
Size

997KB
MD5

3a225337b8471fc19fc1f8a312eca443
SHA1

8ad569ecfe7b08c4448f51d44281bc6415a230fe
SHA256

a395ba3cd3b7abe963d015a6bf75d007a05a73f9f489afa8a63017246f17b4b0
SHA512

ba8128e3d4e471a035bfcfe34c017b14d8888c6bd6e3761778ef5f5867c335ebdb8a14f39dfa4586c9ffee48bdc5c6821381c9916e68916e2cf1fb92b5d4f13f
SSDEEP

24576:aK2eas1USImasIwPuIaSToQmXYeSBiAUFF:aK2KUSAmnHT1mnSBiAU

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a225337b8471fc19fc1f8a312eca443_JaffaCakes118

Files

3a225337b8471fc19fc1f8a312eca443_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 15KB - Virtual size: 724KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 657KB - Virtual size: 660KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 319KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE