modiloader | d40827b3d8da9d229f8a8bf6720b4b8c_JaffaCakes118 | Triage

Sharing

General

Target

d40827b3d8da9d229f8a8bf6720b4b8c_JaffaCakes118
Size

1.2MB
MD5

d40827b3d8da9d229f8a8bf6720b4b8c
SHA1

ad0e644b8bc6d4c7061cebe57ef3d08d9106f147
SHA256

488f84503d541a2927788d2dfc29589bbded242156378bae0e73164d52188144
SHA512

8addad0d51ff9078fd19e101af1af3f42a9b768201ea471deecf045253260928c747311da10ff73287353a3eddbbdcc7e93b9c7e2dd4d6e79abbcf9650a5310e
SSDEEP

24576:RSeVNKRwTpJvHRs1Ml9nyeAoU2qil905FAyDqmsBc/XIMhXrndt7TOUMvCwlt:7NKSTpdxh+JE2l7ndtwl

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d40827b3d8da9d229f8a8bf6720b4b8c_JaffaCakes118

Files

d40827b3d8da9d229f8a8bf6720b4b8c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

baa93d47220682c04d92f7797d9224ce

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Sections

Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rnhwwofz
Size: 908KB - Virtual size: 912KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

iggucmeq
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE