modiloader | b7b9b5b1b1497d6d0982b8d43b5e2e0a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b7b9b5b1b1497d6d0982b8d43b5e2e0a_JaffaCakes118
Size

295KB
MD5

b7b9b5b1b1497d6d0982b8d43b5e2e0a
SHA1

bcedb035563ca2b8340059ea8bb55b9bd8e21eea
SHA256

664ce96cd936ff1545bc0b193c7109b1c0e4f3da5e90cfcdc2268b90679f473a
SHA512

0e1264e5f4c2de4ae82c37ef9740f25ed62a8f21773c2b661ca68437ef6243e607491f47f9239d59586217edac6a10646f5a55883bd89b24b43fb32a683c8991
SSDEEP

6144:YXQdd7G377xS2Vp2CeiorXdwTBgWx4/53xa:Y9r7xS2Vp6RwTyCx

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b7b9b5b1b1497d6d0982b8d43b5e2e0a_JaffaCakes118

Files

b7b9b5b1b1497d6d0982b8d43b5e2e0a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Documents and Settings\Giovani\Desktop\Giovani\exploitbinder\NathansBinderStub\NathansBinderStub\obj\Debug\NathansBinderStub.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ