modiloader | b4c086142e62f2fedc4f4da84ec74f8c_JaffaCakes118

General

Target

b4c086142e62f2fedc4f4da84ec74f8c_JaffaCakes118
Size

245KB
MD5

b4c086142e62f2fedc4f4da84ec74f8c
SHA1

5024c7db5b6d3c358ff427de10bb0eb0cc93c576
SHA256

1659a4e5bcb8c18c539413193bbfcb08ba31e61ff8f595216ed581cb2b57d317
SHA512

dba2542b1705d4773edc274afe10c1f06760aa8539a1835d8c9cfaaf8fdd29a649ad861f82b0f4bfcdba6b9fa81325e9b8eba4e50abe561af52e06c75328078e
SSDEEP

6144:aqPsLcCe0AhK927RKwDO2HssY/nKzWnA61:aqiDe0EK927RKwPsJp

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4c086142e62f2fedc4f4da84ec74f8c_JaffaCakes118

Files

b4c086142e62f2fedc4f4da84ec74f8c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

aa23c17a406beb3d6ee8bf54605b33eb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
CreateThread
lstrcmpiA
WaitForSingleObject
CreateProcessA
CloseHandle
WriteFile
GetTickCount
CreateFileA
GetLocaleInfoA
GetVersionExA
LoadLibraryA
GetProcAddress
GetLastError
GlobalUnlock
GlobalLock
GlobalAlloc
GetWindowsDirectoryA
InterlockedDecrement
ExpandEnvironmentStringsA
GetModuleFileNameA
ReleaseMutex
CreateMutexA
TerminateThread
GetFileAttributesA
CopyFileA
SetFileAttributesA
ExitProcess
Sleep
GetModuleHandleA
LocalFree
WideCharToMultiByte
GetStartupInfoA
ExitThread

user32

GetWindowTextA
FindWindowExA
SendMessageA
IsWindow
VkKeyScanA
ShowWindow
SetFocus
SetForegroundWindow
keybd_event
BlockInput
SwitchToThisWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetMenu
FindWindowA

msvcrt

_CxxThrowException
wcslen
_controlfp
_except_handler3
__set_app_type
__p__fmode
strncpy
strcpy
sprintf
rand
strchr
strcat
free
memcpy
memset
malloc
strlen
_vsnprintf
??2@YAPAXI@Z
strcmp
strstr
srand
__CxxFrameHandler
_EH_prolog
_snprintf
strtok
memcmp
atoi
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
??1type_info@@UAE@XZ

advapi32

RegCloseKey
RegCreateKeyExA
RegSetValueExA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

VariantClear
SysFreeString
SysAllocString
VariantInit

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

aa23c17a406beb3d6ee8bf54605b33eb

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

advapi32

ole32

oleaut32

Sections

.text Size: 18KB - Virtual size: 17KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 5KB - Virtual size: 275KB

.text
Size: 18KB - Virtual size: 17KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 5KB - Virtual size: 275KB