modiloader | 7429ffcde3bc20fffc79dee84af42cfc_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7429ffcde3bc20fffc79dee84af42cfc_JaffaCakes118
Size

13KB
MD5

7429ffcde3bc20fffc79dee84af42cfc
SHA1

6ad4f893b98d6bfc50407e12bffcb57aa1aea4ed
SHA256

c20e8d2509b2215db7d8cd22c0d3ad20be74bb34708591895bade250e41ff88c
SHA512

c1ade226916f2f1cf3efa84955b2e146379d75a43fd952a82b7cc1ab69373eb3067317692a7c780cf500e326ff2c7365aebee8c5e29975d51f33421e83f46b52
SSDEEP

192:nbFeN4MIL88t0Joxid0lRVFpoLJcQQ9u/HNNAEl+jNK0lxye48:bm4MIFt0JNd0c/HNNAEuhlxy9

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7429ffcde3bc20fffc79dee84af42cfc_JaffaCakes118

Files

7429ffcde3bc20fffc79dee84af42cfc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ