modiloader | 3c39ba1f4f89e76be27714f0cdbb8e03_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3c39ba1f4f89e76be27714f0cdbb8e03_JaffaCakes118
Size

703KB
MD5

3c39ba1f4f89e76be27714f0cdbb8e03
SHA1

8ea4fb14ae3510ce0f5a9a80cd64f822f188af42
SHA256

4b5b66f0d329632e682a8356427f068479d4c8353c65fe67b7cf89586ad872ab
SHA512

00ec79c01d8c9ac679cfcbcefa8b0264aa0c34825869bce5aca6371964764a2e4e202a3d9295d971fa70d46ceaa6e81ec0ae13b33c0fa6d09022ccdc82b826fc
SSDEEP

12288:7ugl095nSxHxzsFb+4pbzsUn7TFLtoocMz/RETLTbgJat:Ky0XSxH9so4pHZNBttWLT0at

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Files

3c39ba1f4f89e76be27714f0cdbb8e03_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:27:81:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/10/2008, 21:24

Not After

22/01/2010, 21:34

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

18:e3:f0:e6:ba:be:32:36:38:b6:01:1e:ae:37:cc:11:90:b9:cd:17
Signer

Actual PE Digest

18:e3:f0:e6:ba:be:32:36:38:b6:01:1e:ae:37:cc:11:90:b9:cd:17

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 608KB - Virtual size: 608KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 27KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:06:27:81:00:00:00:00:00:08Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:06:94:2d:00:00:00:00:00:09Certificate

Extended Key Usages

Key Usages

18:e3:f0:e6:ba:be:32:36:38:b6:01:1e:ae:37:cc:11:90:b9:cd:17Signer

Headers

File Characteristics

Sections

CODE Size: 608KB - Virtual size: 608KB

DATA Size: 31KB - Virtual size: 31KB

BSS Size: - Virtual size: 27KB

.idata Size: 12KB - Virtual size: 11KB

.tls Size: - Virtual size: 20B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: - Virtual size: 39KB

.rsrc Size: 35KB - Virtual size: 36KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:06:27:81:00:00:00:00:00:08
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:06:94:2d:00:00:00:00:00:09
Certificate

18:e3:f0:e6:ba:be:32:36:38:b6:01:1e:ae:37:cc:11:90:b9:cd:17
Signer

CODE
Size: 608KB - Virtual size: 608KB

DATA
Size: 31KB - Virtual size: 31KB

BSS
Size: - Virtual size: 27KB

.idata
Size: 12KB - Virtual size: 11KB

.tls
Size: - Virtual size: 20B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 39KB

.rsrc
Size: 35KB - Virtual size: 36KB