modiloader | 4bf7f6ebd1aa0ae8534b727db70df626_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4bf7f6ebd1aa0ae8534b727db70df626_JaffaCakes118
Size

2.0MB
MD5

4bf7f6ebd1aa0ae8534b727db70df626
SHA1

b3f38e726ab136cb587f73fac93912b9d133bfdc
SHA256

afb337e04751107f8163671e48ebb2e4258487c6127f0eb3fe791a39efee3f30
SHA512

7866f705f5c55ca8718aef5a8e822ca343eb0436b2fe47e3adfecbc6004421f050bba7849cf545042ebd872643849c904b603cb3c9e21fdc4565a38116880482
SSDEEP

49152:9dZuB9iV1XTnqnj3+rEPsjPhzuLkDyrV:D8B8V1DqnIis9zGiy

Score

10^/10

upx modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4bf7f6ebd1aa0ae8534b727db70df626_JaffaCakes118

Files

4bf7f6ebd1aa0ae8534b727db70df626_JaffaCakes118
.exe windows:4 windows x86 arch:x86

eb730675309b401ae239b8e0dc20c895

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LocalAlloc
GetModuleHandleA
LoadLibraryA
VirtualAlloc
GetModuleFileNameA
ExitProcess

user32

SetCursor
MessageBoxA

advapi32

SetServiceStatus

oleaut32

SysReAllocStringLen

mpr

WNetGetUserA

gdi32

DeleteEnhMetaFile

comctl32

ImageList_DragLeave

shell32

ShellExecuteA

wininet

InternetOpenUrlA

ws2_32

WSAStartup

winmm

waveInAddBuffer

netapi32

Netbios

wsock32

send

avicap32

capGetDriverDescriptionA

msvfw32

DrawDibClose

urlmon

URLDownloadToFileA

Sections

CODE
Size: 611KB - Virtual size: 611KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 20B - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 434KB - Virtual size: 434KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX1
Size: 803KB - Virtual size: 803KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 260B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eb730675309b401ae239b8e0dc20c895

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

mpr

gdi32

comctl32

shell32

wininet

ws2_32

winmm

netapi32

wsock32

avicap32

msvfw32

urlmon

Sections

CODE Size: 611KB - Virtual size: 611KB

DATA Size: 19KB - Virtual size: 19KB

BSS Size: 27KB - Virtual size: 27KB

.idata Size: 11KB - Virtual size: 11KB

.tls Size: 20B - Virtual size: 20B

.rdata Size: 24B - Virtual size: 24B

.reloc Size: 37KB - Virtual size: 37KB

.rsrc Size: 32KB - Virtual size: 32KB

.UPX0 Size: 434KB - Virtual size: 434KB

.UPX1 Size: 803KB - Virtual size: 803KB

.reloc Size: 260B - Virtual size: 260B

CODE
Size: 611KB - Virtual size: 611KB

DATA
Size: 19KB - Virtual size: 19KB

BSS
Size: 27KB - Virtual size: 27KB

.idata
Size: 11KB - Virtual size: 11KB

.tls
Size: 20B - Virtual size: 20B

.rdata
Size: 24B - Virtual size: 24B

.reloc
Size: 37KB - Virtual size: 37KB

.rsrc
Size: 32KB - Virtual size: 32KB

.UPX0
Size: 434KB - Virtual size: 434KB

.UPX1
Size: 803KB - Virtual size: 803KB

.reloc
Size: 260B - Virtual size: 260B