modiloader | d19cccc438c203853f7851889929bd79_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d19cccc438c203853f7851889929bd79_JaffaCakes118
Size

798KB
MD5

d19cccc438c203853f7851889929bd79
SHA1

556753c5edbeb032cd2b686210bc7113c346c8bc
SHA256

9102c84d233c74d291b580b93c2f35d9c1cfaf0f7617661ffe5cbc3df9d413b1
SHA512

faf103f4f2985b5be6761a07833bfcbdae7dc4bde04fe637e62de6b3d3eca0990fe6f15e6ebb0e3c58131e90b0dd4bec64230d5e8bf342a80a934aa9d2dbc7bf
SSDEEP

12288:D2ss2w8b23zRAAGfrh1gZftfWFYcg0OS+xPere9nqapUm93o39:DY2cDmLo1mYceSEn3J3o39

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader First Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage1

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d19cccc438c203853f7851889929bd79_JaffaCakes118

Files

d19cccc438c203853f7851889929bd79_JaffaCakes118
.exe windows:1 windows x86 arch:x86

1dffae474ece1c3d4dfe5680245c2060

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

VirtualProtect
GetProcAddress
LoadLibraryA
VirtualAlloc
GetCurrentThreadId
GetCommandLineA
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
WriteFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize

user32

MessageBoxA

Sections

CODE
Size: 607KB - Virtual size: 607KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

LL_CODE
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1dffae474ece1c3d4dfe5680245c2060

Headers

File Characteristics

Imports

kernel32

user32

Sections

CODE Size: 607KB - Virtual size: 607KB

DATA Size: 7KB - Virtual size: 7KB

BSS Size: - Virtual size: 3KB

.idata Size: 9KB - Virtual size: 9KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 36KB - Virtual size: 35KB

.rsrc Size: 62KB - Virtual size: 62KB

LL_CODE Size: 73KB - Virtual size: 73KB

CODE
Size: 607KB - Virtual size: 607KB

DATA
Size: 7KB - Virtual size: 7KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 9KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 36KB - Virtual size: 35KB

.rsrc
Size: 62KB - Virtual size: 62KB

LL_CODE
Size: 73KB - Virtual size: 73KB