modiloader | 46228cf7b7c9b2ab84af5d3c514df625_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

46228cf7b7c9b2ab84af5d3c514df625_JaffaCakes118
Size

88KB
MD5

46228cf7b7c9b2ab84af5d3c514df625
SHA1

06d7caa0a2b639c2385228748c8187dc4f15b984
SHA256

2dbc9bd64070b5edb88bcb63a2e0b6da4ccc1444ad9dcdbaad5169fd86f43b6c
SHA512

f7ffa916d83f5e81ee28f33aac281dd7136d61cb60f9d27fc19f4cce13a71c2f7c8008e7117b1fe4cab7a3fed1f4c33a39b33e74b6c1f49c39a5029b12ee37e5
SSDEEP

1536:M9qSQ4pmwgv3KXG3lHDFnK1zRZ8mHz+on5FxB3wbBDU4Skmsh78RM05:cTmD4ejFK1zRZ8zW5MB1Rfh7eM05

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46228cf7b7c9b2ab84af5d3c514df625_JaffaCakes118

Files

46228cf7b7c9b2ab84af5d3c514df625_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JmpHookOff
JmpHookOn

Sections

CODE
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 202B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ