modiloader | b65858aefdbedd04d2c896a4eafc35f5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b65858aefdbedd04d2c896a4eafc35f5_JaffaCakes118
Size

797KB
MD5

b65858aefdbedd04d2c896a4eafc35f5
SHA1

b18b032c9a8b56f1cb0c3e0c3408dfefa378f970
SHA256

a042aa7c982ef3b0346ce37fc8573d24114bdde6b8d68cbf87c37e8352a48bb2
SHA512

75c42267ff9e5ff8c3bb21e319c0ab640836f2ff00b89bc06ea479ed89d243cbbe288ee299fe3fec6644f713eb5ef0c5ec1598d5e986e3326525b07ad2115066
SSDEEP

12288:kyYJW1GurygU3KjsI5SQx9DaAUSQVWFg9DKSpeYOJIpuX7+5H3UqCILs91+Q3rC:kyYV93Ur9DaAUhWFIOSpeY0Kgx13rC

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b65858aefdbedd04d2c896a4eafc35f5_JaffaCakes118

Files

b65858aefdbedd04d2c896a4eafc35f5_JaffaCakes118
.exe windows:1 windows x86 arch:x86

fdbfec85672f73d2a4d49635454936d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA
ExitProcess

user32

MessageBoxA

Sections

CODE
Size: 500KB - Virtual size: 500KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 20B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 162KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.perplex
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fdbfec85672f73d2a4d49635454936d4

Headers

File Characteristics

Imports

kernel32

user32

Sections

CODE Size: 500KB - Virtual size: 500KB

DATA Size: 26KB - Virtual size: 26KB

BSS Size: - Virtual size: 4KB

.idata Size: 11KB - Virtual size: 11KB

.tls Size: - Virtual size: 20B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: - Virtual size: 27KB

.rsrc Size: 162KB - Virtual size: 164KB

.perplex Size: 94KB - Virtual size: 94KB

CODE
Size: 500KB - Virtual size: 500KB

DATA
Size: 26KB - Virtual size: 26KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 11KB - Virtual size: 11KB

.tls
Size: - Virtual size: 20B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 27KB

.rsrc
Size: 162KB - Virtual size: 164KB

.perplex
Size: 94KB - Virtual size: 94KB