modiloader | d4a5c5aa8cd9bc7e4b1c6c7055024709_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d4a5c5aa8cd9bc7e4b1c6c7055024709_JaffaCakes118
Size

96KB
MD5

d4a5c5aa8cd9bc7e4b1c6c7055024709
SHA1

a72bc37989880b8d2c58907ca26bceb8ad3b0bb2
SHA256

50c0985186d7c6f88c82b2a5af13af43853fdd6e73bbdef1570d5b6383ebfc47
SHA512

7a4c5f5bac1e3bf08fc6a533dff3adb34eb52fde4bd5781a61e309ee3fc2f7ab20f96085f83b43c8d9d5d69f02b7e03d1f6904ace877eb80cbaa70a7ef8ab1a7
SSDEEP

1536:ECvkJkSAwfQAMRo/rTkTT+K0tLq78qFX3Zju8KGRCGyV7zD38n6PHhII8gAmrEG+:ECvkrAwfGqTkTT+K778wnZjFG38n6PH6

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4a5c5aa8cd9bc7e4b1c6c7055024709_JaffaCakes118

Files

d4a5c5aa8cd9bc7e4b1c6c7055024709_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ