modiloader | 3dea372c8286f4a6b365b346784f182a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3dea372c8286f4a6b365b346784f182a_JaffaCakes118
Size

665KB
MD5

3dea372c8286f4a6b365b346784f182a
SHA1

e1a456c33f40c0d42098b5568c018288510f0bbe
SHA256

66d0c06f47ed071f002ea9f971f1dde0c339ceb4162a62fb9ab6c79e0f791e6c
SHA512

e8f8134a83ba2af1fdd1da569104f66adcfb1139550f647bc8ad8532923e89c1ae82b382a744ac008e03f82e0c02128a47606e7bd5a41159fd52f08873424138
SSDEEP

12288:6USZ6lVrCdN8ca4V+edBBnRoFJYCLR9YTLeOsTYM:6jwXCDtJVD9aJLNueOsTY

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3dea372c8286f4a6b365b346784f182a_JaffaCakes118

Files

3dea372c8286f4a6b365b346784f182a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

��
Size: 600KB - Virtual size: 604KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

�m��
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

�j��
Size: - Virtual size: 8KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

�e��
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

�i��
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 19B - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

�k��
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ