modiloader | a44f29b99072a528a04efb8d74a650c6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a44f29b99072a528a04efb8d74a650c6_JaffaCakes118
Size

149KB
MD5

a44f29b99072a528a04efb8d74a650c6
SHA1

84adeab6422936e200c50b46b7b6cfbe87892c96
SHA256

9658b8a404d6b6a17057a510e1197f78ace07646bd57b105879a71b5b5ce6d1b
SHA512

2d792f98a7a53e784d15042b69f0883a3c1c5a34c35a487c278896a19649077fd3971b31b05c42f330ad763da2190abc88a390d40fab0bd501d247c512320759
SSDEEP

3072:DawJKJky9Pus30VWCk3pwpVqgTi5oYuWAFwoDnS1o3scxJaoagfIs/Te:Da0p+6xpUBiI8s4xrTe

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a44f29b99072a528a04efb8d74a650c6_JaffaCakes118

Files

a44f29b99072a528a04efb8d74a650c6_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

CPlApplet

Sections

CODE
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 73B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ