modiloader | 3cee9376cb9709a28370edb92b356260_JaffaCakes118

General

Target

3cee9376cb9709a28370edb92b356260_JaffaCakes118
Size

1.3MB
MD5

3cee9376cb9709a28370edb92b356260
SHA1

8354dbdf94d8b8c967f524c6430f6bea74e97d44
SHA256

627b56c7ba2123390f2469e76db8958295e4eb8d34d2d67f31606ef55e208fc6
SHA512

dceca15c4b98bffa5f08475c15a3f3b29760a7f1b98a2759251817f04cc96fdab830f00d9f501c6f1cd59b02f8f5e24505beda5311c6004b4867c40ad02380cb
SSDEEP

12288:+F9iBsMMLd9WX+CJO+7cklpL9EcOBvM1xVLc8+5v4aTXjTSKGg3:+XkZMLzKBJP4kzxOdMlLajeKp

Score

10^/10

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
sample	aspack_v212_v242

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3cee9376cb9709a28370edb92b356260_JaffaCakes118

Files

3cee9376cb9709a28370edb92b356260_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

;T/>;<s8
Size: 275KB - Virtual size: 700KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

u%Qe7ep?
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

:3kt4(:l
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ENxlOud+
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

^2x)]eM@
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

"\adM$tr
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

E) @SI$=
Size: 26KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

k*;?e 'g
Size: 13KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ssssss
Size: 165KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

;T/>;<s8 Size: 275KB - Virtual size: 700KB

u%Qe7ep? Size: 4KB - Virtual size: 12KB

:3kt4(:l Size: - Virtual size: 4KB

ENxlOud+ Size: 3KB - Virtual size: 12KB

^2x)]eM@ Size: - Virtual size: 4KB

"\adM$tr Size: 512B - Virtual size: 4KB

E) @SI$= Size: 26KB - Virtual size: 56KB

k*;?e 'g Size: 13KB - Virtual size: 200KB

.ssssss Size: 165KB - Virtual size: 168KB

.adata Size: - Virtual size: 4KB

;T/>;<s8
Size: 275KB - Virtual size: 700KB

u%Qe7ep?
Size: 4KB - Virtual size: 12KB

:3kt4(:l
Size: - Virtual size: 4KB

ENxlOud+
Size: 3KB - Virtual size: 12KB

^2x)]eM@
Size: - Virtual size: 4KB

"\adM$tr
Size: 512B - Virtual size: 4KB

E) @SI$=
Size: 26KB - Virtual size: 56KB

k*;?e 'g
Size: 13KB - Virtual size: 200KB

.ssssss
Size: 165KB - Virtual size: 168KB

.adata
Size: - Virtual size: 4KB