modiloader | a21034b4580c290f69b9814fbf904e2b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a21034b4580c290f69b9814fbf904e2b_JaffaCakes118
Size

1.2MB
MD5

a21034b4580c290f69b9814fbf904e2b
SHA1

4d24fd1d5595d7b6de4435cbcab7886fc8ccfdd6
SHA256

f3890095b09ad1d1d047d21b55cc12999d5cfb7e53a17e09dba992f854a51a8e
SHA512

fd9735490af3e4c6a4a56340014167cca78f1ad3863e5a353580d17ff031d8285f63943245bd3805589dc4000bfc6e484ba8e91725ec70b69355f6fd4f37b7c2
SSDEEP

24576:9VcQ3tZ7SAp+t9KQ9CFzPhmEpi3TNkUbY9Iawx2tA8F5A1:9VZ6GCKQ9W9pOTN8tJF61

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a21034b4580c290f69b9814fbf904e2b_JaffaCakes118

Files

a21034b4580c290f69b9814fbf904e2b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.textbss
Size: - Virtual size: 788KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 24B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 65KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ