modiloader | a3bee42359ad970c6f81576955de0315_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a3bee42359ad970c6f81576955de0315_JaffaCakes118
Size

247KB
MD5

a3bee42359ad970c6f81576955de0315
SHA1

eaf52593bcf571faa00c98d94f85c9d328fafe8f
SHA256

8ba9f01872f23f5d5e6f5a596f1478faf045fede80b8a1820de393e2303c4f72
SHA512

8a7523b05f505f2017a178d6247e7cca9eef5c2eb29683b90184929f37fd7c375f981e317a478b01344943b4b557a60efff5526bcf8bbb2aa0ad9d365a50f5e2
SSDEEP

6144:Hg54ZoUbcrWYzZAnR6XOauJPBDIANeVG/zrCsf0BexuKyy079I:A5pbrx1F+auJhNNeCzrC2UezyyaI

Score

10^/10

modiloader

Malware Config

Extracted

Family

modiloader

C2

https://gdurl.com/oEoF

Signatures

ModiLoader First Stage 1 IoCs

resource	yara_rule
static1/unpack001/Covid19_Index_Case_Report_Scanned_Copy.scr	modiloader_stage1

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Covid19_Index_Case_Report_Scanned_Copy.scr

Files

a3bee42359ad970c6f81576955de0315_JaffaCakes118
.gz
Covid19_Index_Case_Report_Scanned_Copy.scr
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 399KB - Virtual size: 398KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ