modiloader | 5bf4c33c9f5c3a2770f2ea4d7c95cc0e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5bf4c33c9f5c3a2770f2ea4d7c95cc0e_JaffaCakes118
Size

1.2MB
MD5

5bf4c33c9f5c3a2770f2ea4d7c95cc0e
SHA1

4a526594518003bdc263f177dedc6889f26803bf
SHA256

87545e4c80d515171b38d68732fd7cf3b45912ec77f61d5269d03b0a65a4db47
SHA512

13140f7577f632bbcf2d74b0dbd23acf09007eb3760e60eacbb02c844e8aa8c64de3d77b03847f567403687b2d0aa2d2f120f4be80c6f1ab71a84c60d8fedb36
SSDEEP

24576:OIynhn+SdS8Yf6JhSCVCUi8Pi/PM44Hlu+Q5Kl4UWz4ew3fy8IlQ2uQ9KX:Waf6Jh5KKlxeYIlQ6

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5bf4c33c9f5c3a2770f2ea4d7c95cc0e_JaffaCakes118

Files

5bf4c33c9f5c3a2770f2ea4d7c95cc0e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ