modiloader | 858939387f61f4f876c7f3c7cc55bf0f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

858939387f61f4f876c7f3c7cc55bf0f_JaffaCakes118
Size

678KB
MD5

858939387f61f4f876c7f3c7cc55bf0f
SHA1

eca0e6d3fb3a8198bbc9f4c4425498a3729974b4
SHA256

89ca76c3cee4d4a3ffc8ff162c4d3eb2fcb0acb279404c97e2f7271784e9c74d
SHA512

85f18fc6210a1cf7d37c55a29895cc6efacd1142c7804fba2e39a3ea3b323c75577f5ad5616e162d7930ff0820fec45d6fc3a51ca97440cb97e3683182eced54
SSDEEP

12288:XcWJRg418UGcjdafMUIbEeOQfA3lQHjlePcL0CA5bvTA/M:nLg5UGcBaEU603S4jRlvTKM

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
858939387f61f4f876c7f3c7cc55bf0f_JaffaCakes118

Files

858939387f61f4f876c7f3c7cc55bf0f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

��
Size: 612KB - Virtual size: 612KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

��
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

�u��
Size: - Virtual size: 22KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��
Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

��
Size: - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

��
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ