modiloader | d314831e0d52f98f915ad07585982623_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d314831e0d52f98f915ad07585982623_JaffaCakes118
Size

88KB
MD5

d314831e0d52f98f915ad07585982623
SHA1

7c4cb86281b0f94e03eed862719987565fd76f40
SHA256

f7f29e51e6602dc2ec0203cbb89483272893eeaac3bde8ff2e2a7d1aced76771
SHA512

432055c6cbe54f624edfbed7c1be734b9d2ef1de4a135d8de0474a81ea7e5ef393e17f37276e2d6cce778cb28f382c866cb1f6963b06b1215d797ef10130e504
SSDEEP

768:RI3l51bcgBH5T9Zztj7CzrWBFWGXNtmMX5VqkR6QMcXfYP+:Rimg5Tf9u8kotmMX5VnXfYP+

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d314831e0d52f98f915ad07585982623_JaffaCakes118

Files

d314831e0d52f98f915ad07585982623_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ