modiloader | 850fffedec571c7879caebe7fef1a2ca_JaffaCakes118 | Triage

Sharing

General

Target

850fffedec571c7879caebe7fef1a2ca_JaffaCakes118
Size

608KB
MD5

850fffedec571c7879caebe7fef1a2ca
SHA1

1284b1e93a1b45824086b995b07e5c94f6972ef2
SHA256

689a8442fed5bf172d9d207314977bf77fb799659de23965bdcbf47e6ac77a12
SHA512

bc210c082a899a5e5efcef6fd8fbff2106b91008d27c7dfa0e14fc1c8791adef3cf31bf683f7e9c1cac7496f94b53c5a1afb91ba7d5b5060a25a4ac644adf736
SSDEEP

12288:cUz4wedp9wRYzkTzHFkmGdkj8AcVPRIL7ESh1M/DOJPI1vQ1:cUbixz+rFkm3RcVJi1hqLw6+

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader First Stage 1 IoCs

resource	yara_rule
static1/unpack001/PHGT-ATTACHED_LIST#1506202078473.exe	modiloader_stage1

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PHGT-ATTACHED_LIST#1506202078473.exe

Files

850fffedec571c7879caebe7fef1a2ca_JaffaCakes118
.zip
PHGT-ATTACHED_LIST#1506202078473.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 595KB - Virtual size: 595KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 425KB - Virtual size: 424KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ