modiloader | 8e01c07867ea9bc53ce7a998669c596a_JaffaCakes118

General

Target

8e01c07867ea9bc53ce7a998669c596a_JaffaCakes118
Size

70KB
MD5

8e01c07867ea9bc53ce7a998669c596a
SHA1

4c6a67a2c597ff3b28be9f5bb4c2093a332f6b7f
SHA256

21769e7c4bf766854588cf8086c14d5f28fd8796d39ab9056a9dabc0aa2dc83f
SHA512

ccb31203bc5650c35431a3f2d8383be6134bd66293a576690af545bbb91ab4605549f0ce72923dbdff222175f989de3079116490b95c7e39133e1f7fbd006b47
SSDEEP

768:dIpMZLNL8aaLiyktfkOgRyRj0VDgaeTKjQoaj8fXKSCquMH0GQuJIq5OpBl+gROU:hZLNLalDc6Kmsof1CquMH0GQ2OpBl+

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8e01c07867ea9bc53ce7a998669c596a_JaffaCakes118

Files

8e01c07867ea9bc53ce7a998669c596a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b91c78d9e864b804cc34e44a9c73a396

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord823

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
exit
strncmp
fopen
fwrite
fclose
_except_handler3
_strcmpi

kernel32

FindResourceA
GetStartupInfoA
ExitProcess
CreateRemoteThread
GetProcAddress
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
OpenProcess
WinExec
_lclose
_lwrite
_lcreat
GetModuleFileNameA
GetSystemDirectoryA
LockResource
LoadResource
SizeofResource
lstrlenA
GetLastError
CopyFileA
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateFileA
DeleteFileA
GetCurrentDirectoryA
Sleep

advapi32

SetServiceStatus
CloseServiceHandle
RegOpenKeyExA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
RegCloseKey
OpenSCManagerA
CreateServiceA
OpenServiceA
StartServiceA
RegOpenKeyA
RegSetValueExA

shell32

ShellExecuteA

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b91c78d9e864b804cc34e44a9c73a396

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

advapi32

shell32

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 2KB - Virtual size: 1KB

.rsrc Size: 61KB - Virtual size: 60KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 61KB - Virtual size: 60KB