modiloader | 755457bc82e9f697d19c7a8d35235ed7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

755457bc82e9f697d19c7a8d35235ed7_JaffaCakes118
Size

91KB
MD5

755457bc82e9f697d19c7a8d35235ed7
SHA1

507e628c42b42c4e2ae890b690384e372b69a70b
SHA256

761ee452b7b44acd58cc011b5f76efe449b14018de6e75c38e0044d5ec7dca8b
SHA512

66441891d1d0d38dd8fdd4b8a754befb46e08d7fef1bf100235f2b4a43f938527160d9d0288736f5d7b5239d0eed067f5050e7679d23fee3646ade5cc6f860ea
SSDEEP

1536:NDNEJqRQb/uzoH9SqIgRsctLMoPrMPAGSiGMPnAa0788WwxPddehs7UcAem:8ISHdBIgx6oUqiGMPnN0788WQP/Lbm

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
755457bc82e9f697d19c7a8d35235ed7_JaffaCakes118

Files

755457bc82e9f697d19c7a8d35235ed7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ