modiloader | bc10d138e258e6ec6d7a0e1aa7d40b5b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bc10d138e258e6ec6d7a0e1aa7d40b5b_JaffaCakes118
Size

1.4MB
MD5

bc10d138e258e6ec6d7a0e1aa7d40b5b
SHA1

f933b59c36a96f496e5766b3fa615cea79df0270
SHA256

23e38305ffbbf4e059833b721b183faa8c0c4184f40c5c48b7a7c1d79151998f
SHA512

eb1fc2206917b6587ddb1c54aa19142b68677db0cffde86f520bd559d3ee3582b58cae020eb99a791d4ffb0ef71d83c841244f54aa8842d82b133e4828ab1620
SSDEEP

24576:OnXHhCXnPAYpDe3GYSvxX3Ctk+bNDnbfMo0FsA:OnXHhCfppDxPd4k+bN8oq

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader First Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage1

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc10d138e258e6ec6d7a0e1aa7d40b5b_JaffaCakes118

Files

bc10d138e258e6ec6d7a0e1aa7d40b5b_JaffaCakes118
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 873KB - Virtual size: 873KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 7KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 456KB - Virtual size: 456KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ