modiloader | b18e1133923ca58bfce3841349431ca2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b18e1133923ca58bfce3841349431ca2_JaffaCakes118
Size

2.0MB
MD5

b18e1133923ca58bfce3841349431ca2
SHA1

d6b58387c23dc5425bb2a0af7edf02c0349759bc
SHA256

efa4b8fd1e784628c0e46359b4c77848743c10b061592b0bd263e8879087c28e
SHA512

bbb17712f8bc3bd94a67805579b4ba840b42bd7265a556ed05cc97e34d570f98e35bbafd0ad47ba0806c7ad7c6349577a027b52c85c5ce93a81fdf1ffbde3526
SSDEEP

49152:esLUG98O4NT9rNroO4BRdC1rkLNboTkPj4Pj:7YGyO4jxMBRdau+fj

Score

10^/10

upx modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b18e1133923ca58bfce3841349431ca2_JaffaCakes118

Files

b18e1133923ca58bfce3841349431ca2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a205e8468e3c28e04ff4d2566c31b6d8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

CreateDirectoryA
GetModuleHandleA
LoadLibraryA
VirtualAlloc
GetModuleFileNameA
ExitProcess

user32

EnableMenuItem
MessageBoxA

advapi32

RegQueryInfoKeyA

oleaut32

VariantInit

mpr

WNetGetUserA

gdi32

CreatePalette

comctl32

ImageList_DrawEx

shell32

ShellExecuteA

wininet

InternetReadFile

ws2_32

WSACleanup

winmm

waveInStart

netapi32

Netbios

wsock32

socket

avicap32

capCreateCaptureWindowA

msvfw32

DrawDibClose

urlmon

URLDownloadToFileA

Sections

CODE
Size: 611KB - Virtual size: 611KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 20B - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mackt
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: 429KB - Virtual size: 429KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX1
Size: 798KB - Virtual size: 798KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 220B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a205e8468e3c28e04ff4d2566c31b6d8

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

mpr

gdi32

comctl32

shell32

wininet

ws2_32

winmm

netapi32

wsock32

avicap32

msvfw32

urlmon

Sections

CODE Size: 611KB - Virtual size: 611KB

DATA Size: 19KB - Virtual size: 19KB

BSS Size: 27KB - Virtual size: 27KB

.idata Size: 11KB - Virtual size: 11KB

.tls Size: 20B - Virtual size: 20B

.rdata Size: 24B - Virtual size: 24B

.reloc Size: 37KB - Virtual size: 37KB

.rsrc Size: 32KB - Virtual size: 32KB

.mackt Size: 12KB - Virtual size: 12KB

.UPX0 Size: 429KB - Virtual size: 429KB

.UPX1 Size: 798KB - Virtual size: 798KB

.reloc Size: 220B - Virtual size: 220B

CODE
Size: 611KB - Virtual size: 611KB

DATA
Size: 19KB - Virtual size: 19KB

BSS
Size: 27KB - Virtual size: 27KB

.idata
Size: 11KB - Virtual size: 11KB

.tls
Size: 20B - Virtual size: 20B

.rdata
Size: 24B - Virtual size: 24B

.reloc
Size: 37KB - Virtual size: 37KB

.rsrc
Size: 32KB - Virtual size: 32KB

.mackt
Size: 12KB - Virtual size: 12KB

.UPX0
Size: 429KB - Virtual size: 429KB

.UPX1
Size: 798KB - Virtual size: 798KB

.reloc
Size: 220B - Virtual size: 220B