modiloader | d3c6085b28f25ac024a16dd256e1e561_JaffaCakes118 | Triage

Sharing

General

Target

d3c6085b28f25ac024a16dd256e1e561_JaffaCakes118
Size

159KB
MD5

d3c6085b28f25ac024a16dd256e1e561
SHA1

d557f1cf1f0009556aae3011dca73ea328807302
SHA256

c14dfe8b841b975c5b40fd6482621b6c55f70803c4a13ce7fc8ea61c42697390
SHA512

885579e92b9cd37b197b15cea94a55d31e3d7408131ee89ac4e373d98ed90254f41b5e240a0072f01ff87ad36141fdd243a53714b371db1be271a494c7f356f4
SSDEEP

3072:NeXzTPtZqH+2afFlNliTSa4pSMVjXRibNyyS/vh:sHbzwWljgQx

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d3c6085b28f25ac024a16dd256e1e561_JaffaCakes118

Files

d3c6085b28f25ac024a16dd256e1e561_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ