modiloader | 65b9130324abd8c5a802f5422fa60e88_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

65b9130324abd8c5a802f5422fa60e88_JaffaCakes118
Size

17KB
MD5

65b9130324abd8c5a802f5422fa60e88
SHA1

ca6590f37882e0752544cd2e7160d0c968fb9935
SHA256

b36c754d154ba74bafa17ae971010cd1b0eb979a1a766333776c05b5920eb95f
SHA512

7fefe2f732bb64a956508e5b94ac88cb86ac37bfb9f7d2b21bbd9e5a924a3455afd7e2405c9d7a8531ee1517272a93ca54334c02f66a8935a9edc9a5133c1359
SSDEEP

384:Vx0icxqsWQ279yJfGkJ6WjDkg/m3zUlD4a:Uicxq/QIUGkJ6WIjUl

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
65b9130324abd8c5a802f5422fa60e88_JaffaCakes118

Files

65b9130324abd8c5a802f5422fa60e88_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

CreateProcessEx

Sections

CODE
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 986B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 79B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ