modiloader | 85af44cf0256de9728c86c078dfcdbc9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

85af44cf0256de9728c86c078dfcdbc9_JaffaCakes118
Size

693KB
MD5

85af44cf0256de9728c86c078dfcdbc9
SHA1

3d8d63a0337199dc3a35c3ba88ca2acdc300631d
SHA256

bb0b649ccf397b5531d54765fc689abd9dcd155db8c29f392b6e642990bd2829
SHA512

12e7997c4439df68bfa6595e8b295fb77b789751a084a1c001fdcdff9f6b110c14dba44fc211866df88cf60a831a23390086981982de31a790255d7ae6305c49
SSDEEP

12288:Jw8INEKT8XOSLDbi+jZdFH1/nrHuyvh9gmpVEbriTowR:mnNE9+SLCenHd6QEmpS3iTLR

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Files

85af44cf0256de9728c86c078dfcdbc9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:02:30:7e:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10/03/2008, 21:57

Not After

10/06/2009, 22:07

Subject

CN=Microsoft Windows Component Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:1b:ab:11:da:3a:a1:b6:df:ec:88
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

11/10/2005, 21:55

Not After

26/04/2010, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

26:82:b0:5c:8a:f5:30:37:de:c8:91:75:f4:92:d6:2b:7d:fe:1b:0b
Signer

Actual PE Digest

26:82:b0:5c:8a:f5:30:37:de:c8:91:75:f4:92:d6:2b:7d:fe:1b:0b

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

aaa
Size: 609KB - Virtual size: 609KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

aaa
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

aaa
Size: - Virtual size: 9KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

aaa
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

aaa
Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

aaa
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

aaa
Size: - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

aaa
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

aaa
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

61:47:52:ba:00:00:00:00:00:04Certificate

Extended Key Usages

Key Usages

61:47:52:ba:00:00:00:00:00:04Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:02:30:7e:00:00:00:00:00:06Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:1b:ab:11:da:3a:a1:b6:df:ec:88Certificate

Extended Key Usages

Key Usages

26:82:b0:5c:8a:f5:30:37:de:c8:91:75:f4:92:d6:2b:7d:fe:1b:0bSigner

Headers

File Characteristics

Sections

aaa Size: 609KB - Virtual size: 609KB

aaa Size: 20KB - Virtual size: 20KB

aaa Size: - Virtual size: 9KB

aaa Size: 12KB - Virtual size: 11KB

aaa Size: - Virtual size: 20B

aaa Size: 512B - Virtual size: 24B

aaa Size: - Virtual size: 38KB

aaa Size: 31KB - Virtual size: 31KB

aaa Size: 9KB - Virtual size: 9KB

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:02:30:7e:00:00:00:00:00:06
Certificate

6a:0b:99:4f:c0:00:1b:ab:11:da:3a:a1:b6:df:ec:88
Certificate

26:82:b0:5c:8a:f5:30:37:de:c8:91:75:f4:92:d6:2b:7d:fe:1b:0b
Signer

aaa
Size: 609KB - Virtual size: 609KB

aaa
Size: 20KB - Virtual size: 20KB

aaa
Size: - Virtual size: 9KB

aaa
Size: 12KB - Virtual size: 11KB

aaa
Size: - Virtual size: 20B

aaa
Size: 512B - Virtual size: 24B

aaa
Size: - Virtual size: 38KB

aaa
Size: 31KB - Virtual size: 31KB

aaa
Size: 9KB - Virtual size: 9KB