modiloader | c2832a2caf94f2ab45b8e08ea67bb395_JaffaCakes118 | Triage

Sharing

General

Target

c2832a2caf94f2ab45b8e08ea67bb395_JaffaCakes118
Size

321KB
MD5

c2832a2caf94f2ab45b8e08ea67bb395
SHA1

7729af7fe955d2b1f19b409c1021c0d2a6d78e24
SHA256

ef01a9bba43bf4b2fe07d797bde703835936e06346b060242bf7638e42789d2f
SHA512

bbaf931582bb6e1753094cf6e7e2a2105d88aef690f45e20aebf9335d26ab52129b87889cfa234b32f3308404be97714420a0d3b4228059ebf62261d93128316
SSDEEP

6144:AFU2oXPs6CmhDu6PdsjVwupvUkZhWc0O9oaoasBIX4VZMQSMtM8EAUMLB/:IoXPvC8D+vbswoVZhSMtfZ

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c2832a2caf94f2ab45b8e08ea67bb395_JaffaCakes118

Files

c2832a2caf94f2ab45b8e08ea67bb395_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

ServiceMain

Sections

CODE
Size: 281KB - Virtual size: 280KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 10KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 70B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ