modiloader | 5e794243dd33ad90ddfbe24fa0d15e02_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5e794243dd33ad90ddfbe24fa0d15e02_JaffaCakes118
Size

825KB
MD5

5e794243dd33ad90ddfbe24fa0d15e02
SHA1

bb4ba31ba1bafad8eea4c0fba8492f8dc7a34319
SHA256

e1abb18eaf0075e2c505491fb796214773596c562b80acb8e94479fdc92d286a
SHA512

f333cf6beed4f89973dd042403aacf3ef2f3e2228482e615866b5fd308b92eaa3aa33c15b79dce63fb8e2b78b4d8b0022ee319fd582a20cd502355060704f645
SSDEEP

12288:+zXM72Ee4ph9WaUXS9uyykwFkTBU8mXteeMKXB4wg6SKYNF9IZY:R72fWiCiF8u8mXrpB4eSKdY

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader First Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage1

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5e794243dd33ad90ddfbe24fa0d15e02_JaffaCakes118

Files

5e794243dd33ad90ddfbe24fa0d15e02_JaffaCakes118
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.avp
Size: 687KB - Virtual size: 740KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 119KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 4B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE