modiloader | 628a36ca8fec5dc4a6cb9dcc648c405b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

628a36ca8fec5dc4a6cb9dcc648c405b_JaffaCakes118
Size

649KB
MD5

628a36ca8fec5dc4a6cb9dcc648c405b
SHA1

2758eb2317185edc4e0ec678cef68e7b3bd0ae76
SHA256

5ba8d9fbb5800068177a7c7f41ce524d1d9a3eddb3d025779144d606dd759c0b
SHA512

8ecd43d9daaef64c71e087f57efbdfe79fcf7c0a3c28d12aeec657a97c13291103d522be4d447594ef9c47dff32084a81521ede9e8b1f20716fc1c26dcc7976b
SSDEEP

12288:JRfdPsBWxtfmjjTAKx0FOOC46k+Tmin80PPesFFxMvSC:n1PbfqYKea4Ima8km+m

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
628a36ca8fec5dc4a6cb9dcc648c405b_JaffaCakes118

Files

628a36ca8fec5dc4a6cb9dcc648c405b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 306KB - Virtual size: 306KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ