modiloader | 83f0559d3dffe9194bb06653baf249d7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

83f0559d3dffe9194bb06653baf249d7_JaffaCakes118
Size

728KB
MD5

83f0559d3dffe9194bb06653baf249d7
SHA1

69664fb4110e0549a6d08f6e2d3600e6d8f4cc1f
SHA256

740564f223b0b68ca6b123694eef4268ae575596f0dfcaa59f218c853aff15c9
SHA512

26d85e8bc19ab7ea4973bb9cf62f1ba3c372c55d9c8d9e627387f10971148dbfc287aebe24b8b9c59d04d4679f6c85370c44f71966c7eeccf784493302657efe
SSDEEP

12288:8glx4CxSr1hKdOactGbPbo9Lb9zqj5flnyw1pra6iGR/Tkul:zljx81hKdOalbPbo9H9W7yw11iGR/Tki

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
83f0559d3dffe9194bb06653baf249d7_JaffaCakes118

Files

83f0559d3dffe9194bb06653baf249d7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c6da9690f666fa4146b9381dbb95392d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
SetFilePointer
FreeResource
GetLocalTime
CreateFileA
LoadResource
FindResourceA
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetStartupInfoA

user32

wsprintfA

msvcrt

memset
??2@YAPAXI@Z
strlen
_exit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_XcptFilter

Sections

.text
Size: 4KB - Virtual size: 940B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 712KB - Virtual size: 709KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ