modiloader | d4119cac5dbc6493cbe25019aa3e5736_JaffaCakes118 | Triage

Sharing

General

Target

d4119cac5dbc6493cbe25019aa3e5736_JaffaCakes118
Size

691KB
MD5

d4119cac5dbc6493cbe25019aa3e5736
SHA1

953f4d6c5d78398f41fc862409c274a4be6836f7
SHA256

48658adb25bfad11ac23b251461b32fa3711752fc3d1804e746549125d39f944
SHA512

40b1a491a82b9efce556f5762b0a2c75549172ba8d63c94e4410c262439e23449f02548be0b4dc9c2718c7398c5a172f8b28aa9642d8a1024366a9c25878c4f4
SSDEEP

12288:9Mw4DTW3vA6dp93jSpFIanlCR9j/cE17/fX+Tk6CzfMLT0o28:unW/A69WDIkyj/zT2TkcLT0k

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4119cac5dbc6493cbe25019aa3e5736_JaffaCakes118

Files

d4119cac5dbc6493cbe25019aa3e5736_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 610KB - Virtual size: 610KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 9KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ