modiloader | 715ec565f3cece5d979e0fc46a400d4f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

715ec565f3cece5d979e0fc46a400d4f_JaffaCakes118
Size

35KB
MD5

715ec565f3cece5d979e0fc46a400d4f
SHA1

b30873f17159aea4c934f32d5de5f5886c64cfd4
SHA256

c6233cc825d9a198f701bf7e527a6d289c1269af448217ec28418b6514112bc8
SHA512

9d2c1827d0315805d40fad5cd5525bb6ad7f7cd1a0c4abc4d081f90f9f009e1fbd87f852ab3900cbbb8a91daf935b467a90761857db5362f3361298d463a34ed
SSDEEP

768:uyoqYQdSbtXsnpq5OpBlqKbNlEfV578muXb9QuV:ZoqYQdSbtIcOpBlquloaVX6uV

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
715ec565f3cece5d979e0fc46a400d4f_JaffaCakes118

Files

715ec565f3cece5d979e0fc46a400d4f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ