modiloader | ae887d49b6ef4bab22df1aef6a82d37f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ae887d49b6ef4bab22df1aef6a82d37f_JaffaCakes118
Size

401KB
MD5

ae887d49b6ef4bab22df1aef6a82d37f
SHA1

1c46dc0506cff513e43d2b3ee00eb9afcfadb7ee
SHA256

92e4d0425add471bb8ef19a26ffcd2bf65afa6819f05f8473eb3f8d46a4bdc0f
SHA512

cb4bb72fd4a8dfecd06bc67aeb31f1b7aef95b99730f41780d7fb4c4704f9a05e1087041a625f7358697f045daf7ecc111d99fd668c455130ee2b67736ec217f
SSDEEP

6144:mFMWOX2oDq4wlD2fbAJ8uAHMzvbMDvHaQHrx8jSYaq5MYljQ4d/U6zDmWzfzzu:tWOTDq4DAJP+xv6QLkSY3+M/B3tzfW

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader First Stage 1 IoCs

resource	yara_rule
static1/unpack002/Bank Details Changed..exe	modiloader_stage1

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/Bank Details Changed..exe

Files

ae887d49b6ef4bab22df1aef6a82d37f_JaffaCakes118
.ace
out.ace
.ace
Bank Details Changed..exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 595KB - Virtual size: 595KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 425KB - Virtual size: 424KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ