modiloader | 782f0c41f8746e2e0bda99ac3d01dd9e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

782f0c41f8746e2e0bda99ac3d01dd9e_JaffaCakes118
Size

20KB
MD5

782f0c41f8746e2e0bda99ac3d01dd9e
SHA1

223e65fb189e29744264a736ead4375d261cbd6e
SHA256

3faa8e367a8a1ec4bbf1b25d9553ee22668d0e3cb225acf799262c64412f024d
SHA512

22b5f4e9236d031effd7a2db914854424079254c711b416d2ffb9eb2fba4ac3d4622624a4cd531d1bd1d2b8a9571b6ea2b3b029f200749ad6a34fd1305d175d9
SSDEEP

384:bx0C0xqjI6GQGkt1+NMxtMZ/P1UjNRE9sm3z2whT9:2CAqjWQHf+7Z/Pqj/E9Fj

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
782f0c41f8746e2e0bda99ac3d01dd9e_JaffaCakes118

Files

782f0c41f8746e2e0bda99ac3d01dd9e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ